couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex G <al...@solarapex.com>
Subject Re: Documented API does not work.
Date Tue, 25 Dec 2012 03:46:53 GMT
To Scott's response. Suppose, a CouchDB is accessible from other hosts. Sending a malformed
request should not crash the server. If the server crashes, it's a vulnerability that needs
to be fixed.

Alex.

-------- Original message --------
Subject: Re: Documented API does not work. 
From: Robert Newson <rnewson@apache.org> 
To: "user@couchdb.apache.org" <user@couchdb.apache.org> 
CC:  

it works just fine if you send a correct request. all_docs is sent in
chunked mode which is new in http 1.1, though calling http 1.1 is
obviously quite silly.

Try using curl or any other competent http library and you'll be be all set.

B.

On 24 December 2012 19:07, Scott <scotty2541@sbcglobal.net> wrote:
> Thanks. But what about not being able to read '_all_docs' ?
>
> 'Sent from my iPhone'... Not someone else's.
>
> On Dec 24, 2012, at 12:38 PM, Robert Newson <rnewson@apache.org> wrote:
>
> A typo in the wiki, I'll fix it. All HTTP request lines start with a /.
>
> B.
>
> On 24 December 2012 18:19, Scott Weber <scotty2541@sbcglobal.net> wrote:
> I am trying to read the DB using a program to communication through sockets.
> And it is not working as documented.  I have a small test database called
> 'basic'
>
> My reference point is this information
> http://wiki.apache.org/couchdb/HTTP_Document_API#all_docs
>
> First off, this causes a CRASH on the server:
> GET basic/_all_docs HTTP/1.0
> Accept : */*
> Host : 127.0.0.1:5984
> UserAgent : MyEditor
>
>
> The crash report is:
> =CRASH REPORT==== 24-Dec-2012::12:04:11 ===
>  crasher:
>    initial call: mochiweb_acceptor:init/3
>    pid: <0.1803.0>
>    registered_name: []
>    exception error: no function clause matching
>                     mochiweb:new_request({#Port<0.4833>,
>                                           {'GET',"basic/_all_docs",{1,0}},
>                                           [{'Accept',"*/*"},
>                                           
{'Host',"127.0.0.1:5984"},
>                                           
{"Useragent","MyEditor"}]})
>      in function  mochiweb_http:headers/5
>    ancestors: [couch_httpd,couch_secondary_services,couch_server_sup,
>                  <0.35.0>]
>    messages: []
>    links: [<0.130.0>,#Port<0.4833>]
>    dictionary: []
>    trap_exit: false
>    status: running
>    heap_size: 987
>    stack_size: 24
>    reductions: 1047
>  neighbours:
>
> Now, I can make it NOT crash, by pre-pending a slash (it took me *hours* to find
> this one...)
> GET /basic/_all_docs HTTP/1.0
> Accept : */*
> Host : 127.0.0.1:5984
> UserAgent : MyEditor
>
>
> However, it does not give me any content length.:
> HTTP/1.0 200 OK
> Server: CouchDB/1.2.0 (Erlang OTP/R14B04)
> ETag: "4UXHG90N70GABNCO2D91E21GZ"
> Date: Mon, 24 Dec 2012 18:08:45 GMT
> Content-Type: text/plain; charset=utf-8
> Cache-Control: must-revalidate
>
>
> If I ask for a specific doc from the database, I will get content:
> GET /basic/somedoc HTTP/1.0
> Accept : */*
> Host : 127.0.0.1:5984
> UserAgent : MyEditor
>
> And the reply is this, with the body of the document following, as expected.
> HTTP/1.0 200 OK
> Server: CouchDB/1.2.0 (Erlang OTP/R14B04)
> ETag: "3-aaf03052c820e9146ef37cecb23e869d"
> Date: Mon, 24 Dec 2012 18:12:01 GMT
> Content-Type: text/plain; charset=utf-8
> Content-Length: 167
> Cache-Control: must-revalidate
>
> Why does it crash when I follow the documented API?
> Why can I not get a list of "_all_docs" ?
>
> I have even removed ALL the headers, and just left the request line.  Same
> result.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message