Posted to commits@couchdb.apache.org by ja...@apache.org on 2020/02/19 18:20:29 UTC

[couchdb] branch feat/breaking/all-dbs-admin-only-by-default created (now e8a2e72)

This is an automated email from the ASF dual-hosted git repository.

jan pushed a change to branch feat/breaking/all-dbs-admin-only-by-default
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


      at e8a2e72  feat(breaking): make _all_dbs admin-only by default

This branch includes the following new commits:

     new e8a2e72  feat(breaking): make _all_dbs admin-only by default

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[couchdb] 01/01: feat(breaking): make _all_dbs admin-only by default

Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jan pushed a commit to branch feat/breaking/all-dbs-admin-only-by-default
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit e8a2e726e1a9d36e484a6a8be2da275261048b8c
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Wed Feb 19 19:19:35 2020 +0100

    feat(breaking): make _all_dbs admin-only by default
---
 rel/overlay/etc/default.ini            | 4 ++--
 src/chttpd/src/chttpd_auth_request.erl | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 1829d0d..7c03094 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -135,8 +135,8 @@ max_db_number_for_dbs_info_req = 100
 ; uncomment the next line to enable proxy authentication
 ; authentication_handlers = {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}
 
-; prevent non-admins from accessing /_all_dbs
-;admin_only_all_dbs = false
+; allow non-admins to access /_all_dbs
+; admin_only_all_dbs = true
 
 [couch_peruser]
 ; If enabled, couch_peruser ensures that a private per-user database
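Review bot: The new comment on `admin_only_all_dbs` contradicts the value printed under it: `; allow non-admins to access /_all_dbs` sits directly above `; admin_only_all_dbs = true`, and `true` is the value that keeps the endpoint admin-only. An operator who uncomments the line as written, expecting to open up `/_all_dbs`, gets no change in behaviour. I would keep the commented line showing the default and describe both directions, e.g. `; restrict /_all_dbs to admins (default: true); set to false to let non-admins list database names`.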
diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl
index fa47f5b..8040f91 100644
--- a/src/chttpd/src/chttpd_auth_request.erl
+++ b/src/chttpd/src/chttpd_auth_request.erl
@@ -34,7 +34,7 @@ authorize_request_int(#httpd{path_parts=[]}=Req) ->
 authorize_request_int(#httpd{path_parts=[<<"favicon.ico">>|_]}=Req) ->
     Req;
 authorize_request_int(#httpd{path_parts=[<<"_all_dbs">>|_]}=Req) ->
-   case config:get_boolean("chttpd", "admin_only_all_dbs", false) of
+   case config:get_boolean("chttpd", "admin_only_all_dbs", true) of
        true -> require_admin(Req);
        false -> Req
    end;
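Review bot: Nothing in this commit exercises the new fail-closed default: the diffstat lists only default.ini and chttpd_auth_request.erl, so no test pins that a non-admin request to `/_all_dbs` is rejected when `admin_only_all_dbs` is unset, or that setting it to `false` restores access. Because this is a breaking default, a test case for each state would catch a later accidental revert of the literal in `config:get_boolean/3`. A short comment above the `case` would also help, e.g. `% Fail closed: database names are admin-only unless [chttpd] admin_only_all_dbs = false`. The clauses of authorize_request_int/1 start before and continue after this hunk, so whether other endpoints that reveal database names are gated by the same key cannot be checked from here.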