couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lucas Toulouse <lucas.toulo...@cozycloud.cc>
Subject Re: Separation between User and DB. (Config 1.2.0)
Date Fri, 16 Nov 2012 13:01:44 GMT
When you spoke about  readers / members , I am lost. Any docs about that??
I didn't really find by myself.

Readers was an old name for Members ? And it tells writing and reading
rights ?
If it's right,
  Can I create a DB with the admin account?
  Assign the member user1 ?
  Then replicate in this DB using user1 account?


About possible BackDoor -> I think I read on the wiki that a user can't
modify him roles (it's even a good thing)

Bye
Lucas

2012/11/16 svilen <az@svilendobrev.com>

> i have similar scenario (i have user-only databases, as well as
> shared ones).
>
> i use readers/members and ignore roles - they are possible backdoor -
> anyone can assign hirsef a role, as long as s/he knows its name.
>
> once a database has readers/members, noone but those (and the
> admins) can access it. (readers means writing too, hence the new name
> "members")
>
> well, u should have at least one admin defined in the couch config.
>
> i dont know if getting database names can be disabled to non-admins..
>
> ciao
> svilen
>
>  On Fri, 16 Nov 2012 12:21:25 +0100
> Lucas Toulouse <lucas.toulouse@cozycloud.cc> wrote:
>
> > Hello,
> > I'm a Lucas, I have few questions on the configuration of Couchdb
> > Users.
> >
> > I try to create a Couch with an user = a DB
> > And configure user rights according to that. (ie An user can only
> > write and read his own Db)
> >
> > (it's for backup purpose, i have  user who have a couchdb in default
> > config, and they push a ponctual (not continuons, every 24H)
> > replication on a single backup couchdb)
> >
> > I success to installing, configure my couchDb Admin_server, configure
> > an user
> >
> > But
> >   *  The item roles : [ ] Why is the possible config? It's just a
> > label or it's do anything?
> >   *  How to protect database to be read by other user that doesn't
> > own the DB in my architecture.
> >   *  It is possible to 'hide' the db name  ?
> >   *  In my case, is it more useful to have a DBuser or a DBadmin ?
> >
> > Thank's a lot for reading me (and take few time to answer me)
> >
> > Lucas T.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message