You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@couchdb.apache.org by Tito Ciuro <tc...@mac.com> on 2016/07/28 01:02:12 UTC

How do I secure the database so that only the admin can access it?

Hello,

I am trying to secure access to a database. From an HTTP request point of view, it's secure and I know it's working because unit tests and curl commands fail when the wrong password is used. I open Futon and sure enough, the lower-right corner confirms that I'm no longer in admin party mode. I cannot create a new database and I cannot access the configuration, which is expected. Great.

The problem is that any user can access the database I have created. Not only that, any user can modify it as well! I even created a new account (Mac OS X), launched Safari and was allowed to manipulate the database without any type of restriction.

Question: how do I secure the database so that only the admin can access it? Is there an ACL somewhere I missed?

Thanks!

-- Tito