[ 
https://issues.apache.org/jira/browse/COUCHDB-2390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14172465#comment-14172465
 ] 

Alexander Shorin commented on COUCHDB-2390:
-------------------------------------------

What's the point of hiding problems? It neither helps nor solves the 
problem: people will still be able to PUT admins via the HTTP API and find it 
broken cluster-wide.

Maybe figure out what we can do to solve the root issue? The only idea I have is 
to move admins to authdb that syncs with cluster nodes. As a backward-compatible 
feature, it could read admins from ini, but never write them back with hash. 
Since we're going to drop Admin Party, we still have to provide some console 
tool to set up the first admin and, obviously, we have to add a function to reset 
the admin(s).

> Fauxton config, admin sections considered dangerous in 2.0
> ----------------------------------------------------------
>
>                 Key: COUCHDB-2390
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2390
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: BigCouch, Fauxton
>            Reporter: Joan Touzet
>
> In Fauxton today, there are 2 sections to edit config-file settings and to 
> create new admins. Neither of these sections will work as intended in a 
> clustered setup.
> Any Fauxton session will necessarily be speaking to a single machine. The 
> config APIs and admin user info as exposed will only add that information to 
> a single node's .ini file.
> We should hide these features in Fauxton for now (short-term fix) and correct 
> the config/admin creation APIs to work correctly in a clustered setup 
> (medium-term fix).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
