couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-2452) Provide _users DB security when _users DB is on the clustered interface
Date Thu, 04 Dec 2014 12:02:13 GMT


ASF GitHub Bot commented on COUCHDB-2452:

GitHub user mikewallace1979 opened a pull request:

    Add users db security rules on clustered interface

    Apply authentication_db security rules when authentication_db is on the clustered interface

You can merge this pull request into a Git repository by running:

    $ git pull 2452-users-db-security-on-clustered-interface

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #12
commit 748f5350462395b023366997d77c45a48cced8b3
Author: Mike Wallace <>
Date:   2014-11-10T23:16:10Z

    Only admin can read _changes on clustered _users
    COUCHDB-2452 1/5

commit ce83780490b4fefaa0df5df2ed7447cc6331befd
Author: Mike Wallace <>
Date:   2014-11-10T23:19:37Z

    Export function for updating auth docs
    The process of writing documents to the authentication DB varies
    depending whether the authentication DB is on the admin or the
    clustered interface. Authentication handlers should therefore
    abstract the details away and provide a generic update_doc
    This commit adds an update_auth_doc function to the chttpd auth
    cache which proxies to fabric:update_doc/3.
    COUCHDB-2452 2/5

commit 1cea10dc98cb1d04ed0b0a081687324f92177dea
Author: Mike Wallace <>
Date:   2014-11-10T23:37:02Z

    Strip non-public fields from _users all_docs on 5984
    A _users DB on the admin interface will strip non-public fields
    from documents in the _all_docs view when include_docs=true.
    This commit creates the same behaviour when the _users DB is on
    the clustered interface by using the appropriate callback in
    COUCHDB-2452 3/5

commit 9b5406b4b6d39ec5df6d1061c270f7a90e797a67
Author: Mike Wallace <>
Date:   2014-11-10T23:41:35Z

    Only admins access _users _all_docs on 5984
    When couch_httpd_auth/users_db_public is set to false and the
    _users DB is on the admin interface (5986) only admins can read
    the _all_docs view.
    This commit creates the same behaviour on the clustered interface
    (5984) when chttpd_auth/users_db_public is set to false.
    Note: This duplicates code in
    couch_db:maybe_add_sys_db_callbacks/2 and couch_mrview_http:all_docs/3.
    COUCHDB-2452 4/5

commit 25ec565c18379ce5090b35c3186f6d4a27fbb6c8
Author: Mike Wallace <>
Date:   2014-11-13T20:32:34Z

    Only admins access _users design documents
    The check for admin when opening a design document in the
    authentication DB was previously being carried out in a callback
    function called when the document was read from the shard. In
    order to allow admins to access the design document via the
    clustered interface it is necessary to either modify the
    chttpd/fabric plumbing so that the user context can be passed
    through for all design document calls, or alternatively move the
    check to the http layer where we already have the user context.
    Due to the number of places we would need to modify fabric to
    allow the option to be passed through the latter approach is
    This commit checks for admin in the http layer for requests
    which access design documents in the authentication DB.
    The couch internals part of that work can be found in related
    COUCHDB-2452 5/5

commit f2fcc285a4dfee352a8348ec6ad0f251543c5f3b
Author: Mike Wallace <>
Date:   2014-11-26T23:05:38Z

    Restart changes listener on config changes
    Previously if chttpd_auth/authentication_db was changed in the
    config then a changes listener would not be started for the new
    authentication DB until the current changes request timed out.
    During that time any changes to the users DB (e.g. password
    changes) would not take effect. This is primarily a problem when
    running share/www/script/test/users_db_security.js however it could
    conceivably become a problem under normal running conditions.
    This commit adds a config listener which causes the current changes
    listener to be killed when the chttpd_auth/authentication_db config
    value is changed. It will then be restarted via the existing
    handle_info/2 clause.


> Provide _users DB security when _users DB is on the clustered interface
> -----------------------------------------------------------------------
>                 Key: COUCHDB-2452
>                 URL:
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Mike Wallace
> The authentication DB (default name _users) has special security semantics which are
currently only supported on the admin port (default 5986). Since we support using the _users
DB on the clustered port we should also ensure the same security semantics apply there.

This message was sent by Atlassian JIRA

View raw message