CouchDB
  1. CouchDB
  2. COUCHDB-263

require valid user for all database operations

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 0.9
    • Fix Version/s: 0.10
    • Component/s: HTTP Interface
    • Labels:
      None
    • Environment:

      All platforms.

      Description

      Admin accounts currently restrict a few operations, but leave all other operations completely open. Many use cases will require all operations to be authenticated. This can certainly be done by overriding the default_authentication_handler, but I think this very common use case can be handled in default_authentication_handler without increasing the complexity much.

      Attached is a patch which adds a new config option, "require_valid_user", which restricts all operations to authenticated users only. Since CouchDB currently only has admins, this means that all operations are restricted to admins. In a future CouchDB where there are also normal users, the intention is that this would let them pass through as well.

      1. couchauth.diff
        1 kB
        Jack Moffitt

        Activity

          People

          • Assignee:
            Unassigned
            Reporter:
            Jack Moffitt
          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development