[ https://issues.apache.org/jira/browse/COUCHDB-263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737097#action_12737097 ]
Jason Davies commented on COUCHDB-263:
--------------------------------------

I've absorbed this patch into my oauth branch at http://github.com/jasondavies/couchdb/tree/oauth . I've modified it as follows:

1. The setting has been moved to [couch_httpd_auth] require_valid_user = true
2. The setting affects all authentication handlers instance-wide. If none of them set user_ctx, then a 401 error is returned when require_valid_user = true.

> require valid user for all database operations
> ----------------------------------------------
>
>                 Key: COUCHDB-263
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-263
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: HTTP Interface
>    Affects Versions: 0.9
>         Environment: All platforms.
>            Reporter: Jack Moffitt
>            Priority: Blocker
>             Fix For: 0.10
>
>         Attachments: couchauth.diff
>
>
> Admin accounts currently restrict a few operations, but leave all other
> operations completely open. Many use cases will require all operations to be
> authenticated. This can certainly be done by overriding the
> default_authentication_handler, but I think this very common use case can be
> handled in default_authentication_handler without increasing the complexity
> much.
> Attached is a patch which adds a new config option, "require_valid_user",
> which restricts all operations to authenticated users only. Since CouchDB
> currently only has admins, this means that all operations are restricted to
> admins. In a future CouchDB where there are also normal users, the intention
> is that this would let them pass through as well.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
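The instance-wide behaviour described in the comment above (every handler runs, and a 401 is returned only when none of them sets user_ctx and require_valid_user is on) can be modelled as follows. This is an added example, not code from the patch or from CouchDB; the handler names, the X-Example-Token header and the sample credentials are hypothetical.

```python
import base64
import hmac

ADMINS = {"admin": "s3cret"}     # constructed sample admin account
TOKENS = {"tok-123": "admin"}    # constructed sample token for a second handler


def basic_handler(headers):
    """Return a user_ctx for valid Basic credentials, otherwise None."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:           # malformed base64 or non-UTF-8 bytes
        return None
    expected = ADMINS.get(user)
    if expected is not None and hmac.compare_digest(expected.encode(), pw.encode()):
        return {"name": user, "roles": ["_admin"]}
    return None


def token_handler(headers):
    """Hypothetical second handler, standing in for any non-Basic scheme."""
    user = TOKENS.get(headers.get("X-Example-Token", ""))
    return {"name": user, "roles": ["_admin"]} if user else None


HANDLERS = [token_handler, basic_handler]


def authenticate(headers, require_valid_user):
    """Run every handler in order and return (status, user_ctx)."""
    for handler in HANDLERS:
        user_ctx = handler(headers)
        if user_ctx is not None:
            return 200, user_ctx
    if require_valid_user:
        return 401, None                      # no handler set user_ctx: reject
    return 200, {"name": None, "roles": []}   # setting off: anonymous passes through


def basic(user, pw):
    """Build a Basic Authorization header for the sample requests."""
    token = base64.b64encode(f"{user}:{pw}".encode()).decode()
    return {"Authorization": "Basic " + token}
```

The model covers only the fall-through rule stated in the comment; how real handlers respond to malformed or wrong credentials when the setting is off is outside it.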