Are we blocked on anything else? Are we good to go?

On Tue, Feb 21, 2012 at 7:21 PM, Jan Lehnardt <[email protected]> wrote:

> Thanks guys, committed.
>
> Noah, 1.2.0 is unblocked on this one.
>
> On Feb 21, 2012, at 20:13 , Paul Davis wrote:
>
> > +1 on the patch to require admin for _changes.
> >
> > On Tue, Feb 21, 2012 at 3:36 AM, Jan Lehnardt <[email protected]> wrote:
> >> *nudge*
> >>
> >> I don't feel very confident with a single opinion (thanks Robert), and would love your input on this one.
> >>
> >> Cheers
> >> Jan
> >> --
> >>
> >>
> >> On Feb 16, 2012, at 16:12 , Jan Lehnardt wrote:
> >>
> >>>
> >>> On Feb 14, 2012, at 13:14 , Noah Slater wrote:
> >>>
> >>>> Devs,
> >>>>
> >>>> Please outline:
> >>>>
> >>>> - What remains to be fixed for regression purposes
> >>>
> >>> I want to bring up one more thing (sorry :).
> >>>
> >>> /_users/_changes is currently end-user readable. While /_users/_changes?include_docs=true will not fetch docs the requesting user doesn't have access to, it still gets all doc ids in the /_users db and thus easily can generate a list of all users.
> >>>
> >>> I'd like to propose to make /_user/_changes also admin-only before we ship 1.2.0. Again, I'm happy to revisit and make things configurable down the road.
> >>>
> >>> Note that the information that a particular user is registered is leaked (a user can't sign up with a username that is already taken, from that it can be deduced that that particular username is already registered). This is in line with most signup systems. Making /_users/_changes admin-only doesn't prevent all leakage of what users have signed up, but it stops bulk-leakage of *all* users in one swoop.
> >>>
> >>> What do you think?
> >>>
> >>> Cheers
> >>> Jan
> >>> --
> >>>
> >>>
> >>
> >
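
A defender-side check for the bulk exposure described in the quoted proposal, added here as an example; it is not part of the original thread or of CouchDB's code. The function names and sample responses are constructed, and treating 401 or 403 as the admin-only answer is an assumption.

```python
import json
import sys
import urllib.error
import urllib.request

USER_PREFIX = "org.couchdb.user:"  # id prefix CouchDB uses for user documents

# Constructed sample bodies (not captured from a real server).
SAMPLE_OPEN = json.dumps({"results": [
    {"seq": 1, "id": "_design/_auth", "changes": [{"rev": "1-aaa"}]},
    {"seq": 2, "id": USER_PREFIX + "alice", "changes": [{"rev": "1-bbb"}]},
    {"seq": 3, "id": USER_PREFIX + "bob", "changes": [{"rev": "1-ccc"}]},
], "last_seq": 3})
SAMPLE_DENIED = json.dumps({"error": "unauthorized", "reason": "constructed"})


def classify_changes_response(status, body):
    """Return (verdict, user_id_count) for a non-admin GET of /_users/_changes."""
    if status in (401, 403):          # assumption: admin-only shows up as 401/403
        return "restricted", 0
    if status != 200:
        return "unknown", 0
    try:
        rows = json.loads(body).get("results", [])
    except (ValueError, AttributeError):
        return "unknown", 0
    # Count only user documents; design docs such as _design/_auth are not users.
    count = sum(1 for r in rows if isinstance(r, dict)
                and isinstance(r.get("id"), str)
                and r["id"].startswith(USER_PREFIX))
    return ("exposed" if count else "readable"), count


def check(base_url, cookie=None):
    """Fetch /_users/_changes with the given (non-admin) session and classify it."""
    req = urllib.request.Request(base_url.rstrip("/") + "/_users/_changes")
    if cookie:
        req.add_header("Cookie", cookie)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_changes_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify_changes_response(err.code, b"")


if __name__ == "__main__":
    if len(sys.argv) > 1:             # usage: script BASE_URL [COOKIE]
        print(check(*sys.argv[1:3]))
    else:                             # offline: run on the constructed samples
        print(classify_changes_response(200, SAMPLE_OPEN))
        print(classify_changes_response(401, SAMPLE_DENIED))
```

Run it against your own instance with a non-admin session cookie; a verdict of `exposed` means the feed still hands every user document id to ordinary users.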
