[
https://issues.apache.org/jira/browse/COUCHDB-1656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13564133#comment-13564133
]
Jason Smith commented on COUCHDB-1656:
--------------------------------------
The _security object is similar to a normal document inside the database.
(There has even been discussion about moving security to a local document,
_local/_security, so it could have some MVCC features.)

So I think in general, if a user can read the database, or documents inside it,
then they can read the _security object too.

In other words, the primary secret of the CouchDB security model is users'
passwords. Learning the _security object (or the contents of
validate_doc_update functions) should not alter the secrecy or privacy of the
data.

> Anonymous Users and Non-Admins Can Read the Security Object
> -----------------------------------------------------------
>
> Key: COUCHDB-1656
> URL: https://issues.apache.org/jira/browse/COUCHDB-1656
> Project: CouchDB
> Issue Type: Bug
> Components: Database Core
> Reporter: Klaus Trainer
> Attachments:
> 0001-Don-t-give-non-admins-read-access-to-db-_security.patch
>
>
> It is possible that anonymous users are able to read a DB's security object
> if the security object's `members` array is empty or missing. Also, it is
> generally possible for authenticated members (non-admin users) to read the
> security object.
> Only admin users should be allowed to read the security object.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
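
An added example (not part of the JIRA thread and not CouchDB's own code): a Python model of the read check discussed above, reporting per database who could read `_security` when it is as readable as the database itself, and which names and roles that read would disclose. The sample objects, database names and function names are constructed for illustration; the `admins`/`members` layout and the `_admin` role are CouchDB's.

```python
# Added example: models database read access and, under the behaviour
# reported in COUCHDB-1656, who can therefore read the _security object.

# Constructed sample _security objects, keyed by made-up database names.
SAMPLE = {
    "public_db": {},  # _security never set: members missing
    "empty_members": {"admins": {"names": ["alice"], "roles": []},
                      "members": {"names": [], "roles": []}},
    "restricted": {"admins": {"names": ["alice"], "roles": []},
                   "members": {"names": ["bob"], "roles": ["staff"]}},
}


def _section(sec, key):
    """Return (names, roles) as sets for 'admins' or 'members'; missing means empty."""
    part = sec.get(key) or {}
    return set(part.get("names") or []), set(part.get("roles") or [])


def can_read_db(sec, name=None, roles=()):
    """True if the user may read the database. name=None models an anonymous user."""
    roles = set(roles)
    admin_names, admin_roles = _section(sec, "admins")
    member_names, member_roles = _section(sec, "members")
    if "_admin" in roles or name in admin_names or roles & admin_roles:
        return True
    if not member_names and not member_roles:
        return True  # no members listed: the database is public
    return name in member_names or bool(roles & member_roles)


def audit(security_by_db):
    """Report who can read each _security object if it follows database read access."""
    report = {}
    for db, sec in security_by_db.items():
        admin_names, admin_roles = _section(sec, "admins")
        member_names, member_roles = _section(sec, "members")
        report[db] = {
            "readable_by": "anonymous" if can_read_db(sec) else "members",
            "discloses": sorted(admin_names | admin_roles | member_names | member_roles),
        }
    return report


if __name__ == "__main__":
    for db, finding in audit(SAMPLE).items():
        print(db, finding)
```
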