You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by jumbo jim <ju...@gmail.com> on 2015/07/28 02:45:15 UTC
Updating lost user passwords
Couchdb has a nice feature that allows anonymous users to write to the
_users database. This allows new users to sign up. A logged in user (ie
valid session) has the ability to update/change their password as they have
update privileges to their *own* _user document.
I envisage a scenario when I need to reset the password for a user as they
have forgotten it.
Is it possible to have a privileged user (but not admin) user that is
permitted to make changes to other _user documents? (password changes)...
but, at the same time still permitting anonymous creation of new documents?
Re: Updating lost user passwords
Posted by Jan Lehnardt <ja...@apache.org>.
> On 28 Jul 2015, at 03:05, jumbo jim <ju...@gmail.com> wrote:
>
> A comment regarding the anonymous creation feature for "_users"
> database.... - while anonymous users are unable to get a list of all
> _users, they are able to see "Number of documents" (users). Can this be
> disabled?
good call, however, this is not possible at the moment.
>
> On Tue, Jul 28, 2015 at 10:45 AM, jumbo jim <ju...@gmail.com> wrote:
>
>> Couchdb has a nice feature that allows anonymous users to write to the
>> _users database. This allows new users to sign up. A logged in user (ie
>> valid session) has the ability to update/change their password as they have
>> update privileges to their *own* _user document.
>>
>> I envisage a scenario when I need to reset the password for a user as they
>> have forgotten it.
>>
>> Is it possible to have a privileged user (but not admin) user that is
>> permitted to make changes to other _user documents? (password changes)...
>> but, at the same time still permitting anonymous creation of new documents?
only admins can edit other user’s _users docs.
Best
Jan
--
>>
>>
>>
>>
--
Professional Support for Apache CouchDB:
http://www.neighbourhood.ie/couchdb-support/
Re: Updating lost user passwords
Posted by jumbo jim <ju...@gmail.com>.
A comment regarding the anonymous creation feature for "_users"
database.... - while anonymous users are unable to get a list of all
_users, they are able to see "Number of documents" (users). Can this be
disabled?
On Tue, Jul 28, 2015 at 10:45 AM, jumbo jim <ju...@gmail.com> wrote:
> Couchdb has a nice feature that allows anonymous users to write to the
> _users database. This allows new users to sign up. A logged in user (ie
> valid session) has the ability to update/change their password as they have
> update privileges to their *own* _user document.
>
> I envisage a scenario when I need to reset the password for a user as they
> have forgotten it.
>
> Is it possible to have a privileged user (but not admin) user that is
> permitted to make changes to other _user documents? (password changes)...
> but, at the same time still permitting anonymous creation of new documents?
>
>
>
>