-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent modification of /_users/_security object with opt-out ini file setting #1558
Comments
It's a difficult thing to remove at this late stage, though I agree with the proposal. Should we fold this into the broader push to hide these databases behind an API that enforces only the semantics we wish? |
It's hard to know how many have changed the security object of _users. Those that have done so and not encountered a problem will be broken by this change; those that have encountered a problem will have had to reverse their change already. I think we should save the breakingchangeness until we present a full replacement for this; the API that sits in front of this database and only permits what it ought to. |
+1, let's leave this unti #1504. I'll close this for now. |
Alternatively, like we've done with default db security and making _all_dbs an opt-in config value could help folks until we have a proper fix. |
yes, I can see that. [couchdb] users_db_security_editable=false|true or something, defaulting to false in the new default.ini |
If we're OK with that alternative for 2.x, I'll re-open this. |
Expected Behavior
Modifying the
_security
object inside of_users
is unsupported, and can lead to some unusual behaviour - see #1556.Current Behavior
We allow people to shoot themselves in the foot by modifying
_users/_security
.Possible Solution
Always return a
403
on write attempts for_users/_security
. @rnewson do you have any comment on this?Steps to Reproduce (for bugs)
dev/run -n 1 --with-admin-party-please
Context
People are trying to change the rules for who can read/write documents in
_users
and it goes very badly.Your Environment
The text was updated successfully, but these errors were encountered: