On Tue, Feb 14, 2012 at 7:53 PM, Randall Leeds <[email protected]> wrote:
> On Tue, Feb 14, 2012 at 10:41, Jan Lehnardt <[email protected]> wrote:
>>
>> On Feb 14, 2012, at 19:35 , Randall Leeds wrote:
>>
>>> On Tue, Feb 14, 2012 at 10:19, Jan Lehnardt <[email protected]> wrote:
>>>>
>>>> On Feb 14, 2012, at 19:13 , Randall Leeds wrote:
>>>>
>>>>> On Tue, Feb 14, 2012 at 04:14, Noah Slater <[email protected]> wrote:
>>>>>> Devs,
>>>>>>
>>>>>> Please outline:
>>>>>>
>>>>>> - What has been changed since round one of the 1.2.0 release
>>>>>> - What remains to be fixed for regression purposes
>>>>>> - Who is doing these fixes, and when will they be done by
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> N
>>>>>
>>>>> I'd like to know if it was always the case that design doc actions on
>>>>> system dbs were inaccessible to non-admins or if that's just since the
>>>>> recent security changes. If it's recent, why was that part deemed
>>>>> necessary and can we remove it?
>>>>
>>>> It is part of the recent changes and the reason is that a view potentially
>>>> leaks information about docs and we don't want that. I'm happy to relax this
>>>> later if we can convince people to write views that don't compromise their
>>>> security, but until then I opted for the more secure default.
>>>>
>>>
>>> I motion to remove this restriction now, unless there are actions on
>>> the system dbs, installed by default, that leak anything at all.
>>> I see the motivation but I feel it might be overly paranoid. Only an
>>> admin can modify the ddocs. If a user decides to add views to
>>> _replicator or _user they had best think about what they expose and to
>>> whom.
>>>
>>> If there's no objection I can try to tackle this in the evening.
>>
>> I object :)
>
> Hmm. What's your reasoning?

Why do you need views in _users ?

- benoît
