A comment regarding the anonymous creation feature for "_users" database.... - while anonymous users are unable to get a list of all _users, they are able to see "Number of documents" (users). Can this be disabled?
On Tue, Jul 28, 2015 at 10:45 AM, jumbo jim <[email protected]> wrote: > Couchdb has a nice feature that allows anonymous users to write to the > _users database. This allows new users to sign up. A logged in user (ie > valid session) has the ability to update/change their password as they have > update privileges to their *own* _user document. > > I envisage a scenario when I need to reset the password for a user as they > have forgotten it. > > Is it possible to have a privileged user (but not admin) user that is > permitted to make changes to other _user documents? (password changes)... > but, at the same time still permitting anonymous creation of new documents? > > > >
