[ https://issues.apache.org/jira/browse/COUCHDB-2452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14212722#comment-14212722 ]

Mike Wallace commented on COUCHDB-2452:
---------------------------------------

This is now ready for review.

I have revised the approach I took to make the restrictions on non-admins 
reading design docs apply via the clustered interface whilst still allowing 
admins access. The problem was that the restriction to admins only was 
happening in the sys db callback [1]. This meant that even admins were unable 
to open design docs because neither ddoc_cache nor any of the clustering gloop 
uses the user context when opening the design doc.

The first approach I took was to modify ddoc_cache so it could accept and use 
the user context. This proved problematic because it then required editing 
every function in fabric that was in the path of any request which would need 
to open a design doc. This seemed like a lot of changes just to support an area 
of functionality which is going to be used reasonably infrequently.

The alternative approach I have taken is to move the check for non-admin access 
to the authentication DB into the http layer. This means that we have the user 
context available and can perform the admin check before proceeding with the 
request. This results in a little duplication between couch_httpd_db.erl and 
chttpd_db.erl which I can't cleanly generalise.

I'm not a huge fan of this approach either but it seems to be the least worst 
option. Would be great if someone more experienced could come up with something 
better.

The relevant branch in ddoc_cache has therefore been deleted. The branches in 
couchdb-couch and couchdb-chttpd have been re-written a little and the 
couchdb-couch-mrview branch is untouched since I last commented.
 
[1] 
https://github.com/apache/couchdb-couch/blob/master/src/couch_users_db.erl#L87-L94
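The shape of the check described above, as an added illustration and not the patch from the couchdb-couch or couchdb-chttpd branches: the guard runs in the HTTP handler, where the request's user context is still in hand, before the request is passed down to fabric or ddoc_cache (which open the design doc with no user context at all). The module and function names are hypothetical, and the example hard-codes the default authentication DB name `_users`; CouchDB's real handlers would read the configured name instead.

```erlang
%% Added illustration, not CouchDB's own code: an HTTP-layer guard that refuses
%% non-admin reads of design documents in the authentication DB.
%% Module, function and macro names here are hypothetical.
-module(users_db_ddoc_guard).
-export([check_ddoc_access/3, is_admin/1]).

%% Assumes the default authentication DB name; in CouchDB this is configurable.
-define(USERS_DB, <<"_users">>).

%% Minimal stand-in for the user context a CouchDB request carries.
-record(user_ctx, {name = null, roles = []}).

%% A user is an admin when the server assigned the special "_admin" role.
is_admin(#user_ctx{roles = Roles}) ->
    lists:member(<<"_admin">>, Roles).

%% Design docs in the users DB: only admins may open them. Everything else
%% (other databases, regular user docs) falls through to the normal path.
check_ddoc_access(?USERS_DB, <<"_design/", _/binary>>, UserCtx) ->
    case is_admin(UserCtx) of
        true  -> ok;
        false -> throw({forbidden,
                        <<"Only admins can access design documents in the users db.">>})
    end;
check_ddoc_access(_DbName, _DocId, _UserCtx) ->
    ok.
```

Calling `check_ddoc_access(<<"_users">>, <<"_design/auth">>, #user_ctx{roles = [<<"_admin">>]})` returns `ok`, while the same call with an empty role list throws `{forbidden, ...}`, which CouchDB's HTTP layer already turns into a 403 response. Doing the check at this layer is exactly what avoids threading a user context through every fabric function in the design-doc path, at the cost of the small duplication between couch_httpd_db.erl and chttpd_db.erl noted in the comment.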

> Provide _users DB security when _users DB is on the clustered interface
> -----------------------------------------------------------------------
>
>                 Key: COUCHDB-2452
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2452
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Mike Wallace
>
> The authentication DB (default name _users) has special security semantics 
> which are currently only supported on the admin port (default 5986). Since we 
> support using the _users DB on the clustered port we should also ensure the 
> same security semantics apply there.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)