bgehman commented on issue #37: Broken security in 2.0.0 image
URL: https://github.com/apache/couchdb-docker/issues/37#issuecomment-339698316
 
 
   @wohali Are you saying that, by design, only an `admin` can create a 
database -- but any user, with no credentials whatsoever, can list all 
databases and CRUD into any database?
   
   Admin creates a database:
   ```
   $ curl -X PUT http://admin:password@localhost:5984/foo
   {"ok":true}
   ```
   
   Anybody can list all DBs, and CRUD documents into databases (with no 
credentials):
   ```
   $ curl http://localhost:5984/_all_dbs
   ["foo"]
   
   $ curl -X PUT http://localhost:5984/foo/test -d '{ "a":"b" }'
   {"ok":true,"id":"test","rev":"1-4b8a35d3f70a5962f86c6dd06ceb599c"}
   
   $ curl http://localhost:5984/foo/test
   {"_id":"test","_rev":"1-4b8a35d3f70a5962f86c6dd06ceb599c","a":"b"}
   ```
   
   How can I secure this so only my authorized user can access databases?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
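
An added example, not part of the original comment or of the CouchDB project's code: a Python model of CouchDB's per-database `_security` check, showing why the `foo` database above accepts anonymous reads and writes (its `_security` object lists no members) and what a restricting object looks like. The user `alice` and the sample data are constructed for illustration.

```python
# Added example: models how CouchDB evaluates a database's _security object.
# A database with no member names and no member roles is public.
ANONYMOUS = {"name": None, "roles": []}  # user context of a request with no credentials


def _matches(section, user):
    """True if the user is named in, or holds a role listed in, one section."""
    section = section or {}
    named = user["name"] is not None and user["name"] in section.get("names", [])
    return named or bool(set(user["roles"]) & set(section.get("roles", [])))


def is_public(security):
    """True if the database has no members defined at all."""
    members = security.get("members") or {}
    return not members.get("names") and not members.get("roles")


def is_db_admin(security, user):
    """Server admins carry the _admin role; database admins are listed in 'admins'."""
    return "_admin" in user["roles"] or _matches(security.get("admins"), user)


def can_access_docs(security, user):
    """Whether the user may read and write ordinary (non-design) documents."""
    return (is_public(security) or is_db_admin(security, user)
            or _matches(security.get("members"), user))


def restrict_to(names, roles=()):
    """Body for an admin's PUT /<db>/_security that makes the database non-public."""
    return {"admins": {"names": [], "roles": []},
            "members": {"names": list(names), "roles": list(roles)}}


def audit(databases):
    """Names of databases that an unauthenticated request can read and write."""
    return sorted(db for db, sec in databases.items()
                  if can_access_docs(sec, ANONYMOUS))


# Constructed sample: 'foo' has an empty _security object, 'bar' is restricted.
SAMPLE = {"foo": {}, "bar": restrict_to(["alice"])}

if __name__ == "__main__":
    print("open to anonymous requests:", audit(SAMPLE))
```

The `_security` object is per database, so it governs document access in `foo` but not the server-level `_all_dbs` listing.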
