couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexander Shorin (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (COUCHDB-2621) Hide _metadata database from the world by default
Date Mon, 23 Feb 2015 21:05:12 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-2621?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alexander Shorin updated COUCHDB-2621:
--------------------------------------
    Description: 
After IRC conversation with [~janl] and [~chewbranca] we -decided- are proposing to hide _metadata
database from the world by blocking all the access to it via HTTP API.  The motivation is
the following:
- it lacks of validation logic, but adding such may hurt overall performance a more;
- it creates a confusion about database security management: should users use /db/_security
endpoint of /_metadata/db@security one?
- technically, it allows to replicate databases metadata across the cluster, but this use
case is a dark room of black cats;
- there is something about quorum thing, but I didn't get that completely (:

The proposal is to add chttpd handler which returns a HTTP error (403 Forbidden?) on /_metadata
request and only allows to access to it from HTTP after setting couchdb/expose_metadata_database
with value true in config file.

  was:
After IRC conversation with [~janl] and [~chewbranca] we decided to hide _metadata database
from the world by blocking all the access to it via HTTP API.  The motivation is the following:
- it lacks of validation logic, but adding such may hurt overall performance a more;
- it creates a confusion about database security management: should users use /db/_security
endpoint of /_metadata/db@security one?
- technically, it allows to replicate databases metadata across the cluster, but this use
case is a dark room of black cats;
- there is something about quorum thing, but I didn't get that completely (:

The proposal is to add chttpd handler which returns a HTTP error (403 Forbidden?) on /_metadata
request and only allows to access to it from HTTP after setting couchdb/expose_metadata_database
with value true in config file.


> Hide _metadata database from the world by default
> -------------------------------------------------
>
>                 Key: COUCHDB-2621
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2621
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Alexander Shorin
>
> After IRC conversation with [~janl] and [~chewbranca] we -decided- are proposing to hide
_metadata database from the world by blocking all the access to it via HTTP API.  The motivation
is the following:
> - it lacks of validation logic, but adding such may hurt overall performance a more;
> - it creates a confusion about database security management: should users use /db/_security
endpoint of /_metadata/db@security one?
> - technically, it allows to replicate databases metadata across the cluster, but this
use case is a dark room of black cats;
> - there is something about quorum thing, but I didn't get that completely (:
> The proposal is to add chttpd handler which returns a HTTP error (403 Forbidden?) on
/_metadata request and only allows to access to it from HTTP after setting couchdb/expose_metadata_database
with value true in config file.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message