diff options
| author | Jan Lehnardt <jan@apache.org> | 2018-07-14 12:01:58 +0200 |
|---|---|---|
| committer | Jan Lehnardt <jan@apache.org> | 2018-07-15 20:29:39 +0200 |
| commit | 45583af0cb600b712b1eb965b812f3537991f6f4 (patch) | |
| tree | a03518077852801ea19232fc1b9cb03afb67e2ec | |
| parent | 8e5caaf9bffd90737208775d9d7cfab3d3ec4b61 (diff) | |
| download | couchdb-45583af0cb600b712b1eb965b812f3537991f6f4.tar.gz | |
Optionally prevent non-admins from accessing /_all_dbs
| -rw-r--r-- | rel/overlay/etc/default.ini | 3 | ||||
| -rw-r--r-- | src/chttpd/src/chttpd_auth_request.erl | 5 |
2 files changed, 7 insertions, 1 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini index 0f0d54793..fbc61afd6 100644 --- a/rel/overlay/etc/default.ini +++ b/rel/overlay/etc/default.ini @@ -98,6 +98,9 @@ max_db_number_for_dbs_info_req = 100 ; uncomment the next line to enable proxy authentication ; authentication_handlers = {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler} +; prevent non-admins from accessing /_all_dbs +;admin_only_all_dbs = false + [database_compaction] ; larger buffer sizes can originate smaller files doc_buffer_size = 524288 ; value in bytes diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl index 05c5e8e35..9110ed6bc 100644 --- a/src/chttpd/src/chttpd_auth_request.erl +++ b/src/chttpd/src/chttpd_auth_request.erl @@ -34,7 +34,10 @@ authorize_request_int(#httpd{path_parts=[]}=Req) -> authorize_request_int(#httpd{path_parts=[<<"favicon.ico">>|_]}=Req) -> Req; authorize_request_int(#httpd{path_parts=[<<"_all_dbs">>|_]}=Req) -> - Req; + case config:get_boolean("chttpd", "admin_only_all_dbs", false) of + true -> require_admin(Req); + false -> Req + end; authorize_request_int(#httpd{path_parts=[<<"_dbs_info">>|_]}=Req) -> Req; authorize_request_int(#httpd{path_parts=[<<"_replicator">>], method='PUT'}=Req) -> |