couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Klo <>
Subject Re: _user db security
Date Fri, 27 Jul 2012 16:58:17 GMT
I  believe in 1.2.0 security to _users changed.

authenticated users can read/update their own record only, delete is possible via update,
not directly via delete (unless user is admin).

Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International
t. @nsomnac

On Jul 27, 2012, at 8:19 AM, Wordit wrote:

How secure is the _user database?
Futon will only give admin users access (at least on iriscouch). That's
what l'm hoping because I want to conceal usernames, since they are email

Is that only because Futon is accessing it in a specific way?

I somehow remember in couch 1.0 that access to _users was public. Has that



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message