[ https://issues.apache.org/jira/browse/COUCHDB-2452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14212706#comment-14212706 ]

ASF subversion and git services commented on COUCHDB-2452:
----------------------------------------------------------

Commit 25ec565c18379ce5090b35c3186f6d4a27fbb6c8 in couchdb-chttpd's branch 
refs/heads/2452-users-db-security-on-clustered-interface from [~mikewallace]
[ https://git-wip-us.apache.org/repos/asf?p=couchdb-chttpd.git;h=25ec565 ]

Only admins access _users design documents

The check for admin when opening a design document in the
authentication DB was previously being carried out in a callback
function called when the document was read from the shard. In
order to allow admins to access the design document via the
clustered interface it is necessary to either modify the
chttpd/fabric plumbing so that the user context can be passed
through for all design document calls, or alternatively move the
check to the http layer where we already have the user context.

Due to the number of places we would need to modify fabric to
allow the option to be passed through, the latter approach is
taken.

This commit checks for admin in the http layer for requests
which access design documents in the authentication DB.

The couch internals part of that work can be found in related
commit:

    couchdb-couch/6266b95415f8c8d8cde49a8ce221e9d31ebf18b8

COUCHDB-2452 5/5


> Provide _users DB security when _users DB is on the clustered interface
> -----------------------------------------------------------------------
>
>                 Key: COUCHDB-2452
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2452
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Mike Wallace
>
> The authentication DB (default name _users) has special security semantics 
> which are currently only supported on the admin port (default 5986). Since we 
> support using the _users DB on the clustered port we should also ensure the 
> same security semantics apply there.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
