couchdb-user mailing list archives

From Jim Klo <jim....@sri.com>
Subject Re: _user db security
Date Fri, 27 Jul 2012 16:58:17 GMT
I believe in 1.2.0 security to _users changed. http://wiki.apache.org/couchdb/Breaking_changes#A_users_database

Authenticated users can read/update their own record only; delete is possible via update,
not directly via delete (unless user is admin).

Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International
t. @nsomnac

On Jul 27, 2012, at 8:19 AM, Wordit wrote:

How secure is the _user database?
Futon will only give admin users access (at least on iriscouch). That's
what I'm hoping because I want to conceal usernames, since they are email
addresses.

Is that only because Futon is accessing it in a specific way?

I somehow remember in couch 1.0 that access to _users was public. Has that
changed?

Thanks,

Marcus

