[couchdb] 01/01: feat(breaking): make _all_dbs admin-only by default

[ja...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

jan pushed a commit to branch feat/breaking/all-dbs-admin-only-by-default
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit e8a2e726e1a9d36e484a6a8be2da275261048b8c
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Wed Feb 19 19:19:35 2020 +0100

    feat(breaking): make _all_dbs admin-only by default
---
 rel/overlay/etc/default.ini            | 4 ++--
 src/chttpd/src/chttpd_auth_request.erl | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 1829d0d..7c03094 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -135,8 +135,8 @@ max_db_number_for_dbs_info_req = 100
 ; uncomment the next line to enable proxy authentication
 ; authentication_handlers = {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}
 
-; prevent non-admins from accessing /_all_dbs
-;admin_only_all_dbs = false
+; allow non-admins to access /_all_dbs
+; admin_only_all_dbs = true
 
 [couch_peruser]
 ; If enabled, couch_peruser ensures that a private per-user database
diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl
index fa47f5b..8040f91 100644
--- a/src/chttpd/src/chttpd_auth_request.erl
+++ b/src/chttpd/src/chttpd_auth_request.erl
@@ -34,7 +34,7 @@ authorize_request_int(#httpd{path_parts=[]}=Req) ->
 authorize_request_int(#httpd{path_parts=[<<"favicon.ico">>|_]}=Req) ->
     Req;
 authorize_request_int(#httpd{path_parts=[<<"_all_dbs">>|_]}=Req) ->
-   case config:get_boolean("chttpd", "admin_only_all_dbs", false) of
+   case config:get_boolean("chttpd", "admin_only_all_dbs", true) of
        true -> require_admin(Req);
        false -> Req
    end;