Hi all, Sorry the previous message left the draft state too quickly. Thanks a lot for the hard work already put into CouchDB!
As explained in a message on the user mailing list, I wanted to use couchdb-peruser on CouchDB 2.0.0 so I submitted a patch on github (https://github.com/apache/couchdb-peruser/pull/3). I am currently looking at deploying a CouchDB instance in the wild so I have been looking into securing the endpoints. * Is there a reason why _all_dbs is available to everyone? * I looked into the source code of the different building blocks, there seem to be a lot of duplication between chttp and couch_httpd. (My understanding is that the former is for the Cluster endpoint and the latter being for the node-only endpoint but I am surprised to see that much duplication). * Current peruser set the user as the admin of his database, would anyone like to have the ability to switch off that setting (user is only a member of his database) or add some granularity? Sorry, searching through the mailing list archives is a bit tricky, I only went a few months back to see if those questions were answered previously. Thanks a lot, Thomas
