You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/03/09 03:16:42 UTC
[GitHub] [couchdb] wohali commented on issue #2642: v3.0 Possible security
issue - no login required via http://127.0.0.1:5984
wohali commented on issue #2642: v3.0 Possible security issue - no login required via http://127.0.0.1:5984
URL: https://github.com/apache/couchdb/issues/2642#issuecomment-596312502
Hi there,
I can't reproduce this. Exact steps:
1. Start CouchDB (I'm using the `dev/run -n 1` script.)
2. Login to Fauxton using `https://localhost:port/_utils`
3. Log out using Fauxton.
4. Enter the URL `https://127.0.0.1:port`. At this point I see the top level `GET /` output.
5. Enter the URL `https://127.0.0.1:port/_all_dbs`, At this point I receive `{"error":"unauthorized","reason":"You are not a server admin."}`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services