Posted to dev@couchdb.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2015/02/20 15:54:14 UTC
[jira] [Commented] (COUCHDB-2390) Fauxton config, admin sections considered dangerous in 2.0
[ https://issues.apache.org/jira/browse/COUCHDB-2390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14329003#comment-14329003 ]
ASF subversion and git services commented on COUCHDB-2390:
----------------------------------------------------------
Commit 2a583cb0dfcd446ae259b272acd58068079c9b52 in couchdb-chttpd's branch refs/heads/master from [~robertkowalski]
[ https://git-wip-us.apache.org/repos/asf?p=couchdb-chttpd.git;h=2a583cb ]
Remove _config route on cluster

In order to avoid users shooting themselves in the foot by using
`/_config/` on a clustered CouchDB with a loadbalancer in front,
we remove it on `15984` - it will be available for
single-node-mode on the backdoor port (`15986`) or for users that are
feeling lucky who want to fire curl requests to every node.

It also allows Fauxton to detect if it is running on the backdoor
port. Fauxton will - if it gets a 200 instead of a 404 - show the
config-section to the user.

COUCHDB-2601 COUCHDB-2390 COUCHDB-2343
> Fauxton config, admin sections considered dangerous in 2.0
> ----------------------------------------------------------
>
> Key: COUCHDB-2390
> URL: https://issues.apache.org/jira/browse/COUCHDB-2390
> Project: CouchDB
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: BigCouch, Fauxton
> Reporter: Joan Touzet
> Assignee: Ben Keen
> Priority: Blocker
> Fix For: 2.0.0
>
>
> In Fauxton today, there are 2 sections to edit config-file settings and to create new admins. Neither of these sections will work as intended in a clustered setup.
> Any Fauxton session will necessarily be speaking to a single machine. The config APIs and admin user info as exposed will only add that information to a single node's .ini file.
> We should hide these features in Fauxton for now (short-term fix) and correct the config/admin creation APIs to work correctly in a clustered setup (medium-term fix).