bgehman commented on issue #37: Broken security in 2.0.0 image URL: https://github.com/apache/couchdb-docker/issues/37#issuecomment-339698316 @wohali Are you saying that, by design, only an `admin` can create a database -- but any user, with no credentials whatsoever, can CRUD into that database? Admin creates a database: ``` curl -X PUT http://admin:password@localhost:5984/foo {"ok":true} ``` Anybody can CRUD documents in that database (with no credentials): ``` $ curl -X PUT http://localhost:5984/foo/test -d '{ "a":"b" }' {"ok":true,"id":"test","rev":"1-4b8a35d3f70a5962f86c6dd06ceb599c"} $ curl http://localhost:5984/foo/test {"_id":"test","_rev":"1-4b8a35d3f70a5962f86c6dd06ceb599c","a":"b"} ``` How can I secure this so only my authorized user can access databases?
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
