You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by wo...@apache.org on 2020/02/19 21:28:16 UTC
[couchdb] 02/02: feat(breaking): make _all_dbs admin-only by
default (#2576)
This is an automated email from the ASF dual-hosted git repository.
wohali pushed a commit to branch 3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit c86f0a6e3ff22a881cc5cfb10005b80c226f0970
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Wed Feb 19 20:34:01 2020 +0100
feat(breaking): make _all_dbs admin-only by default (#2576)
---
rel/overlay/etc/default.ini | 2 +-
src/chttpd/src/chttpd_auth_request.erl | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 1829d0d..246c173 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -136,7 +136,7 @@ max_db_number_for_dbs_info_req = 100
; authentication_handlers = {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}
; prevent non-admins from accessing /_all_dbs
-;admin_only_all_dbs = false
+; admin_only_all_dbs = true
[couch_peruser]
; If enabled, couch_peruser ensures that a private per-user database
diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl
index fa47f5b..8040f91 100644
--- a/src/chttpd/src/chttpd_auth_request.erl
+++ b/src/chttpd/src/chttpd_auth_request.erl
@@ -34,7 +34,7 @@ authorize_request_int(#httpd{path_parts=[]}=Req) ->
authorize_request_int(#httpd{path_parts=[<<"favicon.ico">>|_]}=Req) ->
Req;
authorize_request_int(#httpd{path_parts=[<<"_all_dbs">>|_]}=Req) ->
- case config:get_boolean("chttpd", "admin_only_all_dbs", false) of
+ case config:get_boolean("chttpd", "admin_only_all_dbs", true) of
true -> require_admin(Req);
false -> Req
end;