Hey,

Posted this on stackoverflow.com too
(http://stackoverflow.com/questions/7260971/couchdb-iris-couch-noob-security-question),
which led me to the mailing list.

Basically I've been playing with Iris Couch but have come across some
unexpected behavior.
I have the following _security set against a test db:

{"admins":{"names":["neil"],"roles":["admin"]},"readers":{"names":["guest"],"roles":["guest"]}}.

When I created a new server admin via Futon:

{"_id":"org.couchdb.user:test2","_rev":"1-084965a94ea3d7a24116f33245a0ef95","name":"test2","type":"user","roles":[]}

This user can read from my test db?

curl -X GET http://test2:[email protected]/test
curl -X GET http://test2:[email protected]/test/_all_docs

Because neither this user's name nor role appears in the _security document
I'd expect them not to be able to be authorized?


Neil
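
Added example (not part of the original post and not CouchDB's own code): a simplified Python model of the CouchDB 1.x per-database read check, applied to the _security object quoted above. It assumes test2 is listed in the server's admins configuration, as the post describes, so its requests carry the implicit `_admin` role even though the user document shows `"roles":[]`; the function names are hypothetical.

```python
# Simplified model of the CouchDB 1.x database read check (added illustration).
# Function names are hypothetical; this is not CouchDB source code.

def user_ctx_for(name, user_doc_roles, server_admins):
    """Build the request context: roles from the user doc, plus the implicit
    _admin role when the name is in the server's admins configuration."""
    roles = list(user_doc_roles)
    if name in server_admins:
        roles.append("_admin")
    return {"name": name, "roles": roles}

def is_db_admin(user_ctx, security):
    """_admin always passes; otherwise match the db-level admins section."""
    admins = security.get("admins", {})
    roles = set(user_ctx["roles"])
    return ("_admin" in roles
            or user_ctx["name"] in admins.get("names", [])
            or bool(roles & set(admins.get("roles", []))))

def can_read(user_ctx, security):
    """Admins may always read; everyone else must match the readers section."""
    if is_db_admin(user_ctx, security):
        return True
    readers = security.get("readers", {})
    names, roles = readers.get("names", []), readers.get("roles", [])
    if not names and not roles:
        return True  # an empty readers section means the database is public
    return (user_ctx["name"] in names
            or bool(set(user_ctx["roles"]) & set(roles)))

# The _security object from the post.
SECURITY = {"admins": {"names": ["neil"], "roles": ["admin"]},
            "readers": {"names": ["guest"], "roles": ["guest"]}}

# Constructed sample: test2 was created as a server admin via Futon.
SERVER_ADMINS = {"test2"}

if __name__ == "__main__":
    for name in ("test2", "guest", "someone_else"):
        ctx = user_ctx_for(name, [], SERVER_ADMINS)
        print(name, ctx["roles"], "can read:", can_read(ctx, SECURITY))
```

In this model, the same test2 user document created as an ordinary user (no entry in the server's admins configuration) is denied, because the _security object only restricts accounts that lack `_admin`.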
