Prevent modification of /_users/_security object with opt-out ini file setting #1558
Comments
|
It's a difficult thing to remove at this late stage, though I agree with the proposal. Should we fold this into the broader push to hide these databases behind an API that enforces only the semantics we wish? |
|
It's hard to know how many have changed the security object of _users. Those that have done so and not encountered a problem will be broken by this change; those that have encountered a problem will have had to reverse their change already. I think we should save the breakingchangeness until we present a full replacement for this; the API that sits in front of this database and only permits what it ought to. |
|
+1, let's leave this unti #1504. I'll close this for now. |
|
Alternatively, like we've done with default db security and making _all_dbs an opt-in config value could help folks until we have a proper fix. |
|
yes, I can see that. [couchdb] users_db_security_editable=false|true or something, defaulting to false in the new default.ini |
|
If we're OK with that alternative for 2.x, I'll re-open this. |
wohali
changed the title
Expected Behavior
Modifying the
_securityobject inside of_usersis unsupported, and can lead to some unusual behaviour - see #1556.Current Behavior
We allow people to shoot themselves in the foot by modifying
_users/_security.Possible Solution
Always return a
403on write attempts for_users/_security. @rnewson do you have any comment on this?Steps to Reproduce (for bugs)
dev/run -n 1 --with-admin-party-pleaseContext
People are trying to change the rules for who can read/write documents in
_usersand it goes very badly.Your Environment
The text was updated successfully, but these errors were encountered: