[jira] [Commented] (COUCHDB-2621) Hide _metadata database from the world by default

Mon, 23 Feb 2015 13:06:04 -0800 

    [ 
https://issues.apache.org/jira/browse/COUCHDB-2621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14333812#comment-14333812
 ] 

Jan Lehnardt commented on COUCHDB-2621:
---------------------------------------

again clarifying that the “decision” was just a quorum among the IRC 
participants, not a project-level decision. this all is just for your all 
consideration :)

A few clarifications:
 - the lack of validation logic means that unsuspecting end-users could write 
documents to the database that screw up database internals

 - replicating of metadata is definitely interesting and we could look at that 
in the future, but this isn’t a blocker for 2.0

- I’d suggest /_metadata returns 404, e.g. we just don’t hook it up to chttpd.

- in the future, we might want to add a config option that hooks up the 
database to chttpd, so expert users can do with it what they need to do. This 
is also not blocking for 2.0.

> Hide _metadata database from the world by default
> -------------------------------------------------
>
>                 Key: COUCHDB-2621
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2621
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Alexander Shorin
>
> After IRC conversation with [~janl] and [~chewbranca] we decided to hide 
> _metadata database from the world by blocking all the access to it via HTTP 
> API.  The motivation is the following:
> - it lacks of validation logic, but adding such may hurt overall performance 
> a more;
> - it creates a confusion about database security management: should users use 
> /db/_security endpoint of /_metadata/db@security one?
> - technically, it allows to replicate databases metadata across the cluster, 
> but this use case is a dark room of black cats;
> - there is something about quorum thing, but I didn't get that completely (:
> The proposal is to add chttpd handler which returns a HTTP error (403 
> Forbidden?) on /_metadata request and only allows to access to it from HTTP 
> after setting couchdb/expose_metadata_database with value true in config file.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to