Hi Bill,

There's a "validate_doc_update" variable in the "_design/_auth" document that 
contains a JavaScript function that I would think you can edit to only allow 
admins to create a user in the _user database.  I'm wondering if this is 
different and would not help you if someone is editing the _user CouchDB file 
though.


Hopefully this helps or at least attracts the attention of someone who knows 
more than me.


-Chris


________________________________
From: Bill Stephenson <b...@cherrypc.com.INVALID>
Sent: Friday, November 23, 2018 2:44:22 PM
To: user@couchdb.apache.org
Subject: Prevent anonymous creation of users...

I’ve been unaware that by default anyone can create a user in the _user file 
and I have someone doing that on a CouchDB server I run.

From what I’ve been able to learn about this so far I need to modify the 
"_design/_auth" file to prevent this, but I’m reluctant to muck around with 
that without knowing exactly how and where I need to edit that file.

Any help would be much appreciated.

--

Bill Stephenson
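
The kind of check discussed in this thread, as an added example that is not code from either poster or from the CouchDB project: a validation function using CouchDB's `validate_doc_update(newDoc, oldDoc, userCtx, secObj)` signature that rejects creation of user documents by anyone without the `_admin` role. The function name, the `tryWrite` helper and the sample documents are constructed for illustration; which design document it is installed in is left open, as in the thread.

```javascript
// Added example. ES5 style, as used by CouchDB's JavaScript query server.
// In a design document this function is stored as a string under the
// "validate_doc_update" key.
function adminOnlyUserCreation(newDoc, oldDoc, userCtx, secObj) {
  var roles = (userCtx && userCtx.roles) || [];
  var isAdmin = roles.indexOf('_admin') !== -1;

  // oldDoc is null when the document does not exist yet. A deleted
  // tombstone is treated as absent too (defensive assumption).
  var isCreation = !oldDoc || oldDoc._deleted === true;

  if (isCreation && newDoc.type === 'user' && !isAdmin) {
    // CouchDB turns a thrown {forbidden: ...} into an HTTP 403.
    throw({ forbidden: 'Only admins may create users.' });
  }
  // Updates and deletions of existing documents fall through, so users
  // can still change their own password under the other validation rules.
}

// Hypothetical harness: runs the function the way the server would and
// reports the outcome as a string.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    adminOnlyUserCreation(newDoc, oldDoc, userCtx, {});
    return 'allowed';
  } catch (e) {
    if (e && e.forbidden) { return 'forbidden: ' + e.forbidden; }
    throw e;
  }
}

// Constructed sample inputs.
var newUser = { _id: 'org.couchdb.user:sample', type: 'user',
                name: 'sample', roles: [] };
var existing = { _id: 'org.couchdb.user:alice', _rev: '1-abc',
                 type: 'user', name: 'alice', roles: [] };
var anonymous = { db: '_users', name: null, roles: [] };
var alice = { db: '_users', name: 'alice', roles: [] };
var admin = { db: '_users', name: 'root', roles: ['_admin'] };

console.log('anonymous signup :', tryWrite(newUser, null, anonymous));
console.log('admin creates    :', tryWrite(newUser, null, admin));
console.log('alice self-update:', tryWrite(existing, existing, alice));
```

Test a change like this against a copy of the database first, since a validation function that throws unexpectedly blocks all writes it applies to.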