incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Freeman <joe.free...@bitroot.com>
Subject CouchDB users publicly visible
Date Tue, 04 Jan 2011 21:17:06 GMT
My understanding of the CouchDB '_users' table is that in order to
have a user sign up (for example, using $.couch.signup(...)), you have
to have the '_users' table publicly visible, and hence have all users
in your app publicly visible?

This doesn't seem so great for me, or the potential users of my app.

For example, I can see all the users on the couchone site here:

  http://couchone.com/_users/_all_docs

This includes potentially sensitive information like people's e-mail address':

  http://couchone.com/_users/org.couchdb.user:jchris

I'm assuming update access implies read access? Am I missing something..?

Mime
View raw message