Klaus Trainer created COUCHDB-1656:
--------------------------------------
Summary: Anonymous Users and Non-Admins Can Read the Security
Object
Key: COUCHDB-1656
URL: https://issues.apache.org/jira/browse/COUCHDB-1656
Project: CouchDB
Issue Type: Bug
Components: Database Core
Reporter: Klaus Trainer
It is possible that anonymous users are able to read a DB's security object if
the security object's `members` array is empty or missing. Also, it is
generally possible for authenticated members (non-admin users) to read the
security object.
Only admin users should be allowed to read the security object.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
