Hello, I am trying to secure access to a database. From an HTTP request point of view, it's secure and I know it's working because unit tests and curl commands fail when the wrong password is used. I open Futon and sure enough, the lower-right corner confirms that I'm no longer in admin party mode. I cannot create a new database and I cannot access the configuration, which is expected. Great.
The problem is that any user can access the database I have created. Not only that, any user can modify it as well! I even created a new account (Mac OS X), launched Safari and was allowed to manipulate the database without any type of restriction. Question: how do I secure the database so that only the admin can access it? Is there an ACL somewhere I missed? Thanks! -- Tito
