Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2017/10/26 15:11:24 UTC

[GitHub] bgehman commented on issue #37: Broken security in 2.0.0 image

URL: https://github.com/apache/couchdb-docker/issues/37#issuecomment-339698316
 
 
   @wohali Are you saying that, by design, only an `admin` can create a database -- but any user, with no credentials whatsoever, can CRUD into that database?
   
   Admin creates a database:
   ```
   curl -X PUT http://admin:password@localhost:5984/foo
   {"ok":true}
   ```
   
   Anybody can CRUD documents in that database (with no credentials):
   ```
   $ curl -X PUT http://localhost:5984/foo/test -d '{ "a":"b" }'  
   {"ok":true,"id":"test","rev":"1-4b8a35d3f70a5962f86c6dd06ceb599c"}
   
   $ curl  http://localhost:5984/foo/test                  
   {"_id":"test","_rev":"1-4b8a35d3f70a5962f86c6dd06ceb599c","a":"b"}
   ```
   
   How can I secure this so only my authorized user can access databases?

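The behaviour shown in the comment above is what CouchDB does for a database whose `_security` object lists no member names or roles: such a database is treated as public. The following is an added example, not part of the original comment or of the CouchDB project's code, that flags public databases from their `GET /{db}/_security` bodies and builds a body that restricts access to named members. The sample documents, the database names other than `foo`, and the user name `appuser` are constructed, and `foo` is assumed to have an empty security object.

```python
import json

# Constructed sample: database name -> body returned by GET /{db}/_security.
# "foo" mirrors the freshly created database in the comment above (assumed
# to have an empty security object); the other entries are hypothetical.
SAMPLE_SECURITY_DOCS = {
    "foo": "{}",
    "orders": '{"admins": {"names": [], "roles": ["ops"]},'
              ' "members": {"names": [], "roles": []}}',
    "billing": '{"admins": {"names": [], "roles": []},'
               ' "members": {"names": ["appuser"], "roles": []}}',
    "reports": '{"members": {"roles": ["analyst"]}}',
}

def _principals(security, section):
    """Collect the names and roles listed under 'admins' or 'members'."""
    block = security.get(section) or {}
    names = block.get("names") or []
    roles = block.get("roles") or []
    return {("name", n) for n in names} | {("role", r) for r in roles}

def is_public(security_json):
    """True when no members are listed, so anonymous requests can read
    and write ordinary documents. Database admins do not change this."""
    security = json.loads(security_json) or {}
    return not _principals(security, "members")

def audit(security_docs):
    """Return the sorted names of databases open to unauthenticated access."""
    return sorted(db for db, body in security_docs.items() if is_public(body))

def members_only(names=(), roles=()):
    """Build a _security body that limits the database to the given members."""
    if not names and not roles:
        raise ValueError("an empty members list leaves the database public")
    doc = {"admins": {"names": [], "roles": []},
           "members": {"names": list(names), "roles": list(roles)}}
    return json.dumps(doc, sort_keys=True)

if __name__ == "__main__":
    for db in audit(SAMPLE_SECURITY_DOCS):
        print(f"{db}: public, no members set")
    print("restricting body:", members_only(names=["appuser"]))
```

The string returned by `members_only` is the request body an admin would send with `PUT /{db}/_security`.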