You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2018/07/15 18:29:42 UTC
[couchdb] branch master updated: Optionally prevent non-admins from
accessing /_all_dbs
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb.git
The following commit(s) were added to refs/heads/master by this push:
new 45583af Optionally prevent non-admins from accessing /_all_dbs
45583af is described below
commit 45583af0cb600b712b1eb965b812f3537991f6f4
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sat Jul 14 12:01:58 2018 +0200
Optionally prevent non-admins from accessing /_all_dbs
---
rel/overlay/etc/default.ini | 3 +++
src/chttpd/src/chttpd_auth_request.erl | 5 ++++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 0f0d547..fbc61af 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -98,6 +98,9 @@ max_db_number_for_dbs_info_req = 100
; uncomment the next line to enable proxy authentication
; authentication_handlers = {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}
+; prevent non-admins from accessing /_all_dbs
+;admin_only_all_dbs = false
+
[database_compaction]
; larger buffer sizes can originate smaller files
doc_buffer_size = 524288 ; value in bytes
diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl
index 05c5e8e..9110ed6 100644
--- a/src/chttpd/src/chttpd_auth_request.erl
+++ b/src/chttpd/src/chttpd_auth_request.erl
@@ -34,7 +34,10 @@ authorize_request_int(#httpd{path_parts=[]}=Req) ->
authorize_request_int(#httpd{path_parts=[<<"favicon.ico">>|_]}=Req) ->
Req;
authorize_request_int(#httpd{path_parts=[<<"_all_dbs">>|_]}=Req) ->
- Req;
+ case config:get_boolean("chttpd", "admin_only_all_dbs", false) of
+ true -> require_admin(Req);
+ false -> Req
+ end;
authorize_request_int(#httpd{path_parts=[<<"_dbs_info">>|_]}=Req) ->
Req;
authorize_request_int(#httpd{path_parts=[<<"_replicator">>], method='PUT'}=Req) ->