You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Tito Ciuro <tc...@mac.com> on 2016/07/28 01:02:12 UTC
How do I secure the database so that only the admin can access it?
Hello,
I am trying to secure access to a database. From an HTTP request point of view, it's secure and I know it's working because unit tests and curl commands fail when the wrong password is used. I open Futon and sure enough, the lower-right corner confirms that I'm no longer in admin party mode. I cannot create a new database and I cannot access the configuration, which is expected. Great.
The problem is that any user can access the database I have created. Not only that, any user can modify it as well! I even created a new account (Mac OS X), launched Safari and was allowed to manipulate the database without any type of restriction.
Question: how do I secure the database so that only the admin can access it? Is there an ACL somewhere I missed?
Thanks!
-- Tito