Hi there, I mentioned the topic yesterday night during the CouchDB meeting:
I started working on a PR [1] which hides the config tab in Faxuton if Fauxton runs on the front-ports of the cluster as a result of the discussion in COUCHDB-2390 [2]. It works, no config on the front ports (also not with curl, as we removed the route from chttpd) :) The Fauxton team is using CouchDB 2.0. Some team-members started to test features on the backdoor ports which still serve the `_config` route. This lead to bad errors a few workdays later which were hard to diagnose - it was not obvious to our team why Couch is broken at all and how to solve that issue. My team works on a daily basis with and for CouchDB - this is why I am quite worried about our users who just want to use CouchDB. Yesterday I thought which possibilities we have to avoid such scenarios: A solution could be to also deactivate _config on the backdoor-ports. But users can still make changes to the config-ini-files which are on each node. And if we take away the config files, CouchDB is not configurable any more. At the last CouchDB Meetup Hamburg we discussed a "token ring" [1] for configurations. This is neat but needs some work in the Erlang core. I think there are a ton of other possible solutions. For me the config is still a major issue after that experience. What do you think? [1] https://github.com/apache/couchdb-fauxton/pull/360 [2] https://issues.apache.org/jira/browse/COUCHDB-2390 [3] https://www.sics.se/~ali/teaching/ds/ds-token.pdf