tudordumitriu commented on issue #2026: validate_doc_update not applied to design documents - potential security issue
URL: https://github.com/apache/couchdb/issues/2026#issuecomment-490071532

Thanks, I think I might have missed something out. I am not doing the updates as admin (indeed it does make perfect sense NOT to run VDU as admin). I am doing the update as a standard user, in his own database (per user db), but he does have some documents shared to him (replicated in his DB) as readonly. The readonly check is accomplished with the VDU for each PerUser db. But as far as I can tell, the user can delete the VDU in his own DB, and from this moment on he can update any documents.

P.S. Maybe my confusion is that a user is an admin in his DB? Could this be the case? If this is it, are there any alternatives to restrict a user from updating certain documents in HIS database?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
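
A sketch of the kind of read-only VDU the comment describes, as an added example that is not part of the original comment or of CouchDB's own code. The `readonly` field, the sample users and security objects, and the helpers `tryWrite` and `isDbAdmin` are assumptions; `isDbAdmin` reflects that CouchDB lets database admins write design documents, which is where the VDU lives.

```javascript
// Hypothetical VDU for a per-user database (added example).
// Assumption: shared documents carry a constructed `readonly: true` marker and
// are delivered by a process running with the server admin role.
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
  if (userCtx.roles.indexOf('_admin') !== -1) return;            // sharing process
  if (oldDoc && oldDoc.readonly === true) {
    // Covers edits and deletions (newDoc._deleted) of an existing shared doc.
    throw ({ forbidden: 'shared document is read-only' });
  }
  if (newDoc.readonly === true) {
    throw ({ forbidden: 'only the sharing process may set readonly' });
  }
}

// Test helper: run the VDU the way the server would and report the outcome.
function tryWrite(newDoc, oldDoc, userCtx, secObj) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx, secObj);
    return 'accepted';
  } catch (e) {
    if (e && e.forbidden) return 'forbidden: ' + e.forbidden;
    throw e;
  }
}

// Audit helper: is this user an admin of the database described by secObj?
// A database admin can replace or delete the design document holding the VDU,
// so the read-only rule only binds users for whom this returns false.
function isDbAdmin(userCtx, secObj) {
  const admins = (secObj && secObj.admins) || {};
  const names = admins.names || [];
  const roles = admins.roles || [];
  return userCtx.roles.includes('_admin') ||
    names.includes(userCtx.name) ||
    userCtx.roles.some((r) => roles.includes(r));
}

// Constructed sample data.
const alice = { name: 'alice', roles: [] };
const sharer = { name: 'sync', roles: ['_admin'] };
const shared = { _id: 'report-1', readonly: true, body: 'v1' };
const edited = { _id: 'report-1', readonly: true, body: 'tampered' };
const ownerIsAdmin = { admins: { names: ['alice'], roles: [] }, members: { names: ['alice'], roles: [] } };
const memberOnly = { admins: { names: [], roles: [] }, members: { names: ['alice'], roles: [] } };

console.log(tryWrite(edited, shared, alice, memberOnly));   // VDU blocks the edit
console.log(isDbAdmin(alice, ownerIsAdmin));                // but alice can change the VDU
```

Running `isDbAdmin` over each per-user database's `_security` object shows where the VDU is only advisory for the owner.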
