You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2018/10/07 11:23:30 UTC

[GitHub] flimzy opened a new issue #1644: Illegal DB creation permitted

flimzy opened a new issue #1644: Illegal DB creation permitted
URL: https://github.com/apache/couchdb/issues/1644
 
 
   <!--- Provide a general summary of the issue in the Title above -->
   
   Reported/asked about here: https://stackoverflow.com/q/52636973/13860
   
   ## Expected Behavior
   <!--- If you're describing a bug, tell us what should happen -->
   <!--- If you're suggesting a change/improvement, tell us how it should work -->
   
   Creating a database called `!abcdef/_users` should fail, due to invalid DB name.
   
   ## Current Behavior
   <!--- If describing a bug, tell us what happens instead of the expected behavior -->
   <!--- If suggesting a change/improvement, explain the difference from current behavior -->
   
   DB creation succeeds:
   
       curl -v -X PUT http://admin:abc123@localhost:6004/\!abcdef%2F_users
       *   Trying ::1...
       * TCP_NODELAY set
       * Connected to localhost (::1) port 6004 (#0)
       * Server auth using Basic with user 'admin'
       > PUT /!abcdef%2F_users HTTP/1.1
       > Host: localhost:6004
       > Authorization: Basic YWRtaW46YWJjMTIz
       > User-Agent: curl/7.52.1
       > Accept: */*
       > 
       < HTTP/1.1 201 Created
       < Cache-Control: must-revalidate
       < Content-Length: 12
       < Content-Type: application/json
       < Date: Sun, 07 Oct 2018 11:21:46 GMT
       < Location: http://localhost:6004/%21abcdef%2F_users
       < Server: CouchDB/2.2.0 (Erlang OTP/19)
       < X-Couch-Request-ID: 8d5c83b3a4
       < X-CouchDB-Body-Time: 0
       < 
       {"ok":true}
       * Curl_http_done: called premature == 0
       * Connection #0 to host localhost left intact
   
   
   
   ## Possible Solution
   <!--- Not obligatory, but suggest a fix/reason for the bug, -->
   <!--- or ideas how to implement the addition or change -->
   
   Seems likely that the "special case" for `_users` is just too permissive, such as a regex not bound to the beginning of the string, or a similar error.
   
   ## Steps to Reproduce (for bugs)
   <!--- Provide a link to a live example, or an unambiguous set of steps to -->
   <!--- reproduce this bug. Include code to reproduce, if relevant -->
   
   See curl command above.
   
   
   ## Your Environment
   <!--- Include as many relevant details about the environment you experienced the bug in -->
   * Version used: CouchDB 2.2.0 via official Docker image
   * Browser Name and version: curl 7.52.1
   * Operating System and version (desktop or mobile): Debian 9.5
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services