One last thing on _reader behaviour. If you try to access a database as a non-admin user, but don't have _reader rights, I think you should get a 404 back which is indistinguisable from "database does not exist". Otherwise, you have an obvious way to probe for database names, and if databases are named after customers, this is information leak.
As a non-admin you never *need* to know whether it exists or not, since you wouldn't have rights to create it anyway. Regards, Brian.
