Hi, "Admin Party" is sometimes interpreted as an endorsement rather than the warning we intend. It means, only, that no administrator has been created yet. Until the first administrator is created, everyone is an administrator, as only administrator can create administrator. You are urged to add an administrator immediately (you can do it before you even start couchdb by editing local.ini).
Changing _security properties of databases is not part of this. The principal securing step is to create at least one administrator. As Alex notes, we want to make this harder (or impossible) to avoid from 2.0 onward. B. > On 17 Apr 2016, at 08:09, Alexander Shorin <[email protected]> wrote: > > Hi Paul! > > Yes, Admin Party is harmful and must be fixed if your CouchDB gain > access not only from localhost. There are no doubts on that. > > CouchDB 2.0 will force you to fix it if you're going to setup a cluster. > -- > ,,,^..^,,, > > > On Sun, Apr 17, 2016 at 6:09 AM, Paul Hammant <[email protected]> wrote: >> (Cultural ref: https://en.wikipedia.org/wiki/Considered_harmful) >> >> So AdminParty is fun for there 2 minute "hey this stuff is great" tour of >> CouchDB, but it leaves me (and others) worried that we don't know the 52 >> specialist knowledge things to do to lock down a couch install completely. >> You know: 443-only, a top-level administrator, sub administrators, regular >> accounts, different read vs write permissions, etc etc. We can't imagine >> going live with a CouchDB solution without that, and it makes us think we >> should look for other technologies when there is no cohesive 100% dev-team >> endorsed page on how to close down the party once and for all. Sooooo - *if >> that page exists, I can't find it*. Is the comummunity even in agreement - >> is it changes to default.ini, local.ini (server side), or is it a series of >> curl statements over the wire (and why)? >> >> - Paul
