Posted to notifications@couchdb.apache.org by "Corey Quillen (JIRA)" <ji...@apache.org> on 2015/12/18 00:49:46 UTC
[jira] [Commented] (COUCHDB-1724) Improve the user and security model
[ https://issues.apache.org/jira/browse/COUCHDB-1724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15063114#comment-15063114 ]
Corey Quillen commented on COUCHDB-1724:
----------------------------------------
I recently realized there is a major limitation to the user and security model. Specifically, you can't allow any end-users to manage users without giving them server admin privileges. You can't do that, of course, because then they could read all user password hashes and delete databases, etc.
> Improve the user and security model
> -----------------------------------
>
> Key: COUCHDB-1724
> URL: https://issues.apache.org/jira/browse/COUCHDB-1724
> Project: CouchDB
> Issue Type: Improvement
> Reporter: Dave Cottlehuber
> Labels: gsoc, mentor
>
> * Support distributed identity systems such as OpenID
> * Allow for easier external authentication
> * Finer grained authorization (instead of the binary _admin or not)
> * Instead of exposing /_users as a database, design an API to cover
> all expected operations instead.
> Fine-grained authorization would allow the ability to grant read and write
> access independently, among other things. Specifically it should be possible
> to grant the ability to write but not read.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)