Posted to notifications@couchdb.apache.org by "Corey Quillen (JIRA)" <ji...@apache.org> on 2015/12/18 00:49:46 UTC

[jira] [Commented] (COUCHDB-1724) Improve the user and security model

    [ https://issues.apache.org/jira/browse/COUCHDB-1724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15063114#comment-15063114 ] 

Corey Quillen commented on COUCHDB-1724:
----------------------------------------

I recently realized there is a major limitation to the user and security model.  Specifically, you can't allow any end-users to manage users without giving them server admin privileges.  You can't do that of course because then they could read all user password hashes and delete databases, etc.

> Improve the user and security model
> -----------------------------------
>
>                 Key: COUCHDB-1724
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1724
>             Project: CouchDB
>          Issue Type: Improvement
>            Reporter: Dave Cottlehuber
>              Labels: gsoc, mentor
>
> * Support distributed identity systems such as OpenID
> * Allow for easier external authentication
> * Finer grained authorization (instead of the binary _admin or not)
> * Instead of exposing /_users as a database, design an API to cover
> all expected operations instead.
> Fine-grained authorization would allow the ability to grant read and write
> access independently, among other things. Specifically it should be possible
> to grant the ability to write but not read.


