couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-2452) Provide _users DB security when _users DB is on the clustered interface
Date Thu, 04 Dec 2014 12:02:13 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-2452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14234159#comment-14234159
] 

ASF GitHub Bot commented on COUCHDB-2452:
-----------------------------------------

GitHub user mikewallace1979 opened a pull request:

    https://github.com/apache/couchdb/pull/288

    Test users db security rules on clustered interface

    Explicitly test authentication_db security rules when authentication_db is on the clustered
interface (5984).
    
    COUCHDB-2452

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/apache/couchdb 2452-users-db-security-on-clustered-interface

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/couchdb/pull/288.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #288
    
----
commit 49f03e2be48dac56c27b220b11cd70676df50f99
Author: Mike Wallace <mikewallace@apache.org>
Date:   2014-11-26T23:17:04Z

    Teach dev/run to clear nodes DB
    
    This commit makes dev/run replace the nodes DB with an empty DB
    before adding the nodes doc. This changes the previous behaviour
    which was to just try adding the docs and ignore conflicts.
    
    The change makes it possible for a developer to run `dev/run -n 1`
    (to spawn a single node cluster) having previously run `dev/run`
    (which spawns a three node cluster). Without replacing the nodes
    DB the `dev/run -n 1` single-node cluster would still have two
    other nodes in the nodes DB and therefore not work correctly.
    
    Note that we explicitly delete each node doc rather than deleting
    the whole database because the cluster membership layer gets upset
    when the nodes database itself is deleted/recreated.

commit 23d79b3f606245ab657900fe7b1bc6ef77ace16e
Author: Mike Wallace <mikewallace@apache.org>
Date:   2014-11-27T15:13:44Z

    Test _users security on the cluster and admin port
    
    This commit modifies the _users DB security test so that it tests
    the authentication DB against the clustered interface in addition
    to the admin interface.
    
    Previously this test was only being run against the admin port.
    
    COUCHDB-2452

commit ed4a4a9e2bfbc906bc2339007fe7ef13137eba88
Author: Mike Wallace <mikewallace@apache.org>
Date:   2014-12-01T13:22:46Z

    Make users_db_security.js use N=1 clusters only
    
    The users_db_security.js test will not work against a multi-node
    cluster because it relies on config settings being made by the
    test code. Because there is no generic way of discovering the
    locations of the other nodes on a dev cluster (they may be on
    unexpected ports for one reason or another) it is only possible
    to guarantee those settings are made on a single node.
    
    This commit therefore forces the users_db_security.js test to run
    against a single node cluster by:
    
     - setting the cluster variables to N=Q=R=W=1
     - excluding the test in the Makefile and running it explicitly
       with `dev/run -n 1`
     - teaching run_on_modified_server to correctly preserve the old
       config settings when nested run_on_modified_server calls are
       made
    
    COUCHDB-2452

----


> Provide _users DB security when _users DB is on the clustered interface
> -----------------------------------------------------------------------
>
>                 Key: COUCHDB-2452
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2452
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Mike Wallace
>
> The authentication DB (default name _users) has special security semantics which are
currently only supported on the admin port (default 5986). Since we support using the _users
DB on the clustered port we should also ensure the same security semantics apply there.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message