I believe in 1.2.0 security to _users changed. http://wiki.apache.org/couchdb/Breaking_changes#A_users_database
authenticated users can read/update their own record only, delete is possible via update, not directly via delete (unless user is admin). Jim Klo Senior Software Engineer Center for Software Engineering SRI International t. @nsomnac On Jul 27, 2012, at 8:19 AM, Wordit wrote: How secure is the _user database? Futon will only give admin users access (at least on iriscouch). That's what l'm hoping because I want to conceal usernames, since they are email addresses. Is that only because Futon is accessing it in a specific way? I somehow remember in couch 1.0 that access to _users was public. Has that changed? Thanks, Marcus
