You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2015/11/20 09:43:11 UTC

[jira] [Commented] (COUCHDB-2897) Improve robustness of couchdb_mrview_cors_tests

    [ https://issues.apache.org/jira/browse/COUCHDB-2897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15015431#comment-15015431 ] 

ASF GitHub Bot commented on COUCHDB-2897:
-----------------------------------------

GitHub user jaydoane opened a pull request:

    https://github.com/apache/couchdb-couch/pull/128

    Explicitly authorize test requests

    Create admin user and use its credentials for requests
    
    Use http requests to create and delete test dbs to avoid potential db
    name munging issues downstream
    
    COUCHDB-2897

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cloudant/couchdb-couch 2897-couchdb_mrview_cors_tests-explicit-auth

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/couchdb-couch/pull/128.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #128
    
----
commit 988b6fc642dd058159c4af56b09afef6c6754afc
Author: Jay Doane <ja...@gmail.com>
Date:   2015-11-20T08:39:24Z

    Explicitly authorize test requests
    
    Create admin user and use its credentials for requests
    
    Use http requests to create and delete test dbs to avoid potential db
    name munging issues downstream
    
    COUCHDB-2897

----


> Improve robustness of couchdb_mrview_cors_tests
> -----------------------------------------------
>
>                 Key: COUCHDB-2897
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2897
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Test Suite
>            Reporter: Jay Doane
>
> The current implementation assumes a certain level of implicit authorization based on admin party semantics, which is fragile in downstream projects with different security models. Additionally, the direct use of fabric to create test databases can bypass name spacing which could occur in multi-tenant configurations.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)