incubator-couchdb-user mailing list archives

From Simon Metson <si...@cloudant.com>
Subject Re: Replication and validate_doc_field
Date Thu, 21 Jun 2012 09:34:29 GMT
Hi, 


On Thursday, 21 June 2012 at 01:57, Pulkit Singhal wrote:

> Right, so what I'm saying is that the replicator client is being run with
> the creds of a super-duper-admin who inherently has _admin privileges.
> 
> When the same code is run against a DB without any reader roles, everything
> works out. But when it is run against a DB with a reader role, it fails.
> 
> I'm hoping that someone will clarify the security constraints around how
> replication behaves with db level security in 1.2.0
> 
> 

I think the problem is that the request to the origin DB needs to be authenticated, because
you have the readers set up. You need to authorise the read request, and the fact that the
replication was created on the destination as _admin means nothing (that would be a massive
security hole - if I could read from anyone's database just because I was an admin of my own).


Sounds like you need to include a username/password in the source URL that has the reader
role:

curl -X POST 'http://localhost:5984/_replicate' -H 'Content-Type: application/json' -d '{"target":"my_database", "source":"http://username:password@remotehost:5984/some_other_database"}'

HTH
Simon
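
The request body from the message above, rebuilt so the reader credentials travel in an Authorization header on the source instead of inside the URL. This is an added example, not part of the original message; the function name replication_body is hypothetical, and it assumes the CouchDB version in use accepts the object form of "source" with "url" and "headers".

```python
import base64
import json
from urllib.parse import urlsplit, urlunsplit, unquote


def replication_body(source_url, target):
    """Build a _replicate body for a source database that enforces readers.

    Credentials embedded in source_url are moved into a Basic Authorization
    header on the source object, so the URL in the body carries no password.
    """
    parts = urlsplit(source_url)
    if parts.username is None:
        # No credentials: the source sees an anonymous read, which a
        # database with reader roles will refuse.
        return {"source": source_url, "target": target}

    # Userinfo in a URL is percent-encoded; decode before building the header.
    user = unquote(parts.username)
    password = unquote(parts.password or "")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")

    # Drop "user:pass@" from the authority, keeping host and port untouched.
    netloc = parts.netloc.rpartition("@")[2]
    clean_url = urlunsplit((parts.scheme, netloc, parts.path, parts.query, ""))

    return {
        "source": {
            "url": clean_url,
            "headers": {"Authorization": "Basic " + token},
        },
        "target": target,
    }


if __name__ == "__main__":
    # Constructed sample input, taken from the placeholder URL in the message.
    body = replication_body(
        "http://username:password@remotehost:5984/some_other_database",
        "my_database",
    )
    print(json.dumps(body, indent=2))
```

The printed JSON can be sent as the POST body to /_replicate on the destination; Basic credentials are only encoded, not encrypted, so an https source URL is needed to protect them in transit.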


