couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Neil Gibbons <>
Subject Noob security question
Date Thu, 01 Sep 2011 12:30:45 GMT

Posted this on too, (,
led me to the mailing list.

Basically I've been playing with Iris Couch but have come across some
unexpected behavior.
I have the following _security set against a test db:


When I created a new server admin via Futon:


This user can read from my test db?

curl -X GET
curl -X GET

Because neither this users name nor role appear in the _security document
I'd expect them not to be able to be authorized?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message