Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/03/31 15:52:52 UTC

[GitHub] [couchdb] dholth opened a new issue #2737: Update _users security documentation to account for _security changes, "mandatory" fields

dholth opened a new issue #2737: Update _users security documentation to account for _security changes, "mandatory" fields
URL: https://github.com/apache/couchdb/issues/2737
 
 
   The _users documentation at https://docs.couchdb.org/en/stable/intro/security.html?highlight=org%20couchdb%20users#authentication-database is out of date.
   
   "Users may only access (GET /_users/org.couchdb.user:Jan) or modify (PUT /_users/org.couchdb.user:Jan) documents that they own"
   
   Technically true but the default 3.0 _security setting means users may not access or modify their own documents. Documentation should mention the _security and config settings to make this true.
   
   (in my application the ideal would be read-only access to your own _user object)
   
   "Each CouchDB user is stored in document format. These documents contain several mandatory fields, that CouchDB needs for authentication:"
   
   AFAICT some of these fields are not mandatory. derived_key, password_sha, password_scheme, salt are not needed when using proxy authentication. Can roles be missing too?
   
   References #2730 #2734
