Hi Piotr, Parameter "require_valid_user" (one in [chttpd] section if we are talking CouchDB 2.x) is controlling if _all_ of end-points would always require a valid credentials to be accessed. When it's set to false this behavior is up to a standard Couch authorization model, i.e. if you'll be promptd for creds depends on existence admin users, security object of a database, presence of AuthSession cookie etc...
Pros of having "require_valid_user" set to true is that any new created database will be immidiately protected even before updating its security object. Cons is that some of usually open end-points will require creds to be accessed, e.g. /_up and /_session I hope this makes sense. Regards, Eric > On Jul 17, 2018, at 18:44, Piotr Zarzycki <piotrzarzyck...@gmail.com> wrote: > > Hello CouchDb Team, > > Some time ago we have been started with good results using CouchDb and nano > library. We would like to use CouchDb on Linux server. > > We have following scenario: > 1) When require_valid_user=true we need to provide login and password to > the users > 2) When require_valid_user=false login and password is still required > > We are experiencing following behavior and general question is - whether > something is wrong or our understanding is incorrect. Because we think that > in point #2 it shouldn't behave like that. > > If someone could shed some light on that. > > Thanks, > Piotr
