
How to prevent anonymous users reading couchdb?

I want to remotely manage CouchDB by curl using the administrator account, but I found that anonymous users can also read some information, like _all_dbs, which is not what I want. It seems that CouchDB allows anonymous users to use the GET and HEAD methods, so how can I prevent it? What I want is for only administrators to be allowed.

I have made the following settings in local.ini:

require_valid_user = true
WWW-Authenticate = Basic realm="administrator"

Thanks & regards

Jinmin asked Nov 20 '25 04:11


1 Answer

Assuming you disabled Admin party mode, try setting both valid user fields like so:

[couch_httpd_auth]
require_valid_user = true

[chttpd]
require_valid_user = true

As per the docs, one is for the clustered port and the other is for the node-local port.

EDIT: I forgot about the membership.

You need to set each Database Security object and put some members in the members and admins fields. You can do this via the Fauxton GUI by clicking on the "lock" icon next to each database, or by doing PUT /db/_security with the appropriate JSON. From the docs (emphasis mine):

If there are any member names or roles defined for a database, then only authenticated users having a matching name or role are allowed to read documents from the database.

amdelamar answered Nov 24 '25 00:11
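The membership step from the answer above, as an added example that is not part of the original answer or CouchDB's own code: it audits `_security` objects for an empty members field and prepares the `PUT /db/_security` request that restricts a database to server admins. The database names, the sample responses, the password placeholder and the use of the built-in `_admin` role as the only member are assumptions made for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample: GET /{db}/_security responses keyed by database name.
SAMPLE_SECURITY = {
    "inventory": {},  # security object never set
    "orders": {"admins": {"names": ["ops"], "roles": []},
               "members": {"names": [], "roles": []}},  # admins set, members empty
    "billing": {"admins": {"names": [], "roles": ["_admin"]},
                "members": {"names": [], "roles": ["_admin"]}},
}

def has_members(security):
    """True if the members field defines at least one name or role."""
    members = security.get("members") or {}
    return bool(members.get("names") or members.get("roles"))

def open_databases(security_by_db):
    """Databases with no members defined, so the member restriction never applies."""
    return sorted(db for db, sec in security_by_db.items() if not has_members(sec))

def admin_only_security(role="_admin"):
    """Security object whose admins and members are limited to one role."""
    return {"admins": {"names": [], "roles": [role]},
            "members": {"names": [], "roles": [role]}}

def build_put(base_url, db, user, password, security):
    """Prepare (without sending) PUT /{db}/_security using Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"{base_url}/{urllib.parse.quote(db, safe='')}/_security",
        data=json.dumps(security).encode(),
        method="PUT",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"},
    )

if __name__ == "__main__":
    for db in open_databases(SAMPLE_SECURITY):
        req = build_put("http://127.0.0.1:5984", db, "admin",
                        "PASSWORD_PLACEHOLDER", admin_only_security())
        # urllib.request.urlopen(req) would apply it to a live server.
        print(req.get_method(), req.full_url, req.data.decode())
```
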


