Posted to commits@couchdb.apache.org by ja...@apache.org on 2020/02/19 18:21:29 UTC

[couchdb] branch feat/breaking/all-dbs-admin-only-by-default-3.0.x created (now 66a59ec)

This is an automated email from the ASF dual-hosted git repository.

jan pushed a change to branch feat/breaking/all-dbs-admin-only-by-default-3.0.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


      at 66a59ec  feat(breaking): make _all_dbs admin-only by default

This branch includes the following new commits:

     new 66a59ec  feat(breaking): make _all_dbs admin-only by default

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[couchdb] 01/01: feat(breaking): make _all_dbs admin-only by default

Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jan pushed a commit to branch feat/breaking/all-dbs-admin-only-by-default-3.0.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 66a59ec6a6405279ddeb8b87820262d24987299b
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Wed Feb 19 19:19:35 2020 +0100

    feat(breaking): make _all_dbs admin-only by default
---
 rel/overlay/etc/default.ini            | 4 ++--
 src/chttpd/src/chttpd_auth_request.erl | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 1829d0d..7c03094 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -135,8 +135,8 @@ max_db_number_for_dbs_info_req = 100
 ; uncomment the next line to enable proxy authentication
 ; authentication_handlers = {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}
 
-; prevent non-admins from accessing /_all_dbs
-;admin_only_all_dbs = false
+; allow non-admins to access /_all_dbs
+; admin_only_all_dbs = true
 
 [couch_peruser]
 ; If enabled, couch_peruser ensures that a private per-user database
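Review bot: The new comment and the commented-out example contradict each other: the text says "allow non-admins to access /_all_dbs", but the sample line sets `admin_only_all_dbs = true`, which is the new built-in default and keeps the endpoint admin-only. An operator who uncomments that line expecting to open the endpoint changes nothing. Either describe the shown value, `; restrict /_all_dbs to admins (default); set to false to let non-admins list databases`, or keep the current comment and show the opt-out value `; admin_only_all_dbs = false`. The section header is outside this hunk; judging by the `config:get_boolean("chttpd", ...)` call in the Erlang change, it is presumably `[chttpd]`.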
diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl
index fa47f5b..8040f91 100644
--- a/src/chttpd/src/chttpd_auth_request.erl
+++ b/src/chttpd/src/chttpd_auth_request.erl
@@ -34,7 +34,7 @@ authorize_request_int(#httpd{path_parts=[]}=Req) ->
 authorize_request_int(#httpd{path_parts=[<<"favicon.ico">>|_]}=Req) ->
     Req;
 authorize_request_int(#httpd{path_parts=[<<"_all_dbs">>|_]}=Req) ->
-   case config:get_boolean("chttpd", "admin_only_all_dbs", false) of
+   case config:get_boolean("chttpd", "admin_only_all_dbs", true) of
        true -> require_admin(Req);
        false -> Req
    end;
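Review bot: The default flip on the `config:get_boolean("chttpd", "admin_only_all_dbs", true)` line is an access-control change with no test pinning it; the diffstat lists only default.ini and this file. It should have two test cases: with the key unset, a non-admin request to `/_all_dbs` is rejected by `require_admin/1`, and with the key set to `false` the request passes through. A why-comment above the `case` would also help the next reader, for example `% Fail closed: database names are listed to admins only unless the operator opts out.` Because deployments that never set the key change behaviour on upgrade, the commit description would benefit from stating the opt-out explicitly. The remaining `authorize_request_int/1` clauses lie outside this hunk.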