couchdb-user mailing list archives

From Neil Gibbons <gibbon...@gmail.com>
Subject Noob security question
Date Thu, 01 Sep 2011 12:30:45 GMT
Hey,

Posted this on stackoverflow.com too
(http://stackoverflow.com/questions/7260971/couchdb-iris-couch-noob-security-question),
which led me to the mailing list.

Basically I've been playing with Iris Couch but have come across some
unexpected behavior.
I have the following _security set against a test db:

{"admins":{"names":["neil"],"roles":["admin"]},"readers":{"names":["guest"],"roles":["guest"]}}.

When I created a new server admin via Futon:

{"_id":"org.couchdb.user:test2","_rev":"1-084965a94ea3d7a24116f33245a0ef95","name":"test2","type":"user","roles":[]}

This user can read from my test db?

curl -X GET http://test2:test@neil.iriscourchdb.com/test
curl -X GET http://test2:test@neil.iriscourchdb.com/test/_all_docs

Because neither this user's name nor role appears in the _security document
I'd expect them not to be able to be authorized?


Neil
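
Added example, not part of the original message and not CouchDB's own code: a simplified Python model of the read check CouchDB 1.x runs against a database's _security document, applied to the document and user shown above. It assumes a server admin is given the `_admin` role when it authenticates, so the empty `roles` list in the stored user document does not limit it; the function names and user contexts are constructed for illustration.

```python
# Simplified model of the read check CouchDB 1.x applies to a database
# request; an illustration, not CouchDB's own code.

def is_db_admin(security, name, roles):
    """Server admins (role "_admin") and users listed under "admins" pass."""
    admins = security.get("admins", {})
    admin_roles = {"_admin"} | set(admins.get("roles", []))
    return bool(admin_roles & set(roles)) or name in admins.get("names", [])


def can_read(security, name, roles):
    """Return True if the user context may read the database."""
    if is_db_admin(security, name, roles):
        return True
    readers = security.get("readers", {})
    reader_names = readers.get("names", [])
    reader_roles = readers.get("roles", [])
    if not reader_names and not reader_roles:
        return True  # empty readers list means the database is public
    return name in reader_names or bool(set(reader_roles) & set(roles))


# The _security document from the message above.
SECURITY = {
    "admins": {"names": ["neil"], "roles": ["admin"]},
    "readers": {"names": ["guest"], "roles": ["guest"]},
}

# Constructed user contexts. Assumption: because test2 was created as a
# server admin, the server adds "_admin" to its roles at authentication,
# even though the stored user document shows "roles": [].
CASES = {
    "test2 as server admin": ("test2", ["_admin"]),
    "test2 as ordinary user": ("test2", []),
    "guest": ("guest", []),
    "anonymous": (None, []),
}

if __name__ == "__main__":
    for label, (name, roles) in CASES.items():
        print(f"{label:24} read allowed: {can_read(SECURITY, name, roles)}")
```

In this model the same account is refused once it is an ordinary user rather than a server admin, because neither its name nor any of its roles matches the `readers` entry.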
