Hello everyone,
I just wanted to ping you here with an issue[1] that came up when we
designed how authentication works with our application.
If you just PUT '{}' into '<db>/_security', the database will be public.
In a database it should be very hard to release something to the public
and data should be private by default.
(I see that there is a default '_admin' role, but a small error and your
script doesn't generate content and falls back to an empty string is very
much default for me)
If you're dealing with confidential data, you can't sell to customers
that an easy error in a script leads to open access for everyone else.
(and also, of course, wouldn't like to risk it)
I would like to propose that no configured roles or members ('{}') deny
access to everyone except admins.
If needed, a config option can be added, that imitates the old behavior.
(This should NOT be the default however)
You can slightly mitigate this issue with a reverse proxy upfront, but
CouchDB should be secure by default.
I'd be happy to hear what you think about that, whether you agree that
this is an issue, and what side effects you think it might have.
[1] https://github.com/apache/couchdb/issues/3535
thigg
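An added example, not part of the mailing-list post or of CouchDB itself: a small audit helper that applies the rule the post describes (a `_security` object whose `members` section names no users and no roles leaves the database readable by anyone) and reports which databases are in that state, alongside the admin-only shape built from the `_admin` role. The sample security documents are constructed for illustration; in practice you would feed it the JSON returned by a GET on `/<db>/_security` for each database (CouchDB answers `{}` when nothing has been written), which is the same document the `PUT '{}'` in the post produces.

```python
"""Audit CouchDB _security documents for databases that are readable by anyone.

Added example (not from the original post or the CouchDB project). Assumes the
documented semantics of the _security object: an empty `members` section means
no read restriction at all, regardless of what `admins` contains.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    db: str
    severity: str
    reason: str


def _names_and_roles(section):
    """Return (names, roles) for a members/admins section, treating a missing
    section or missing keys as empty lists."""
    section = section or {}
    return list(section.get("names") or []), list(section.get("roles") or [])


def is_world_readable(security: dict) -> bool:
    """True when `members` restricts nobody, i.e. any user (or no user) can read."""
    names, roles = _names_and_roles(security.get("members"))
    return not names and not roles


def audit(db_name: str, security: dict) -> list:
    """Produce findings for one database's _security document."""
    findings = []
    if is_world_readable(security):
        findings.append(Finding(db_name, "high",
                                "members section is empty: database is readable by anyone"))
    names, roles = _names_and_roles(security.get("members"))
    if roles == ["_admin"] and not names:
        findings.append(Finding(db_name, "info",
                                "members restricted to the _admin role only"))
    return findings


def audit_all(securities: dict) -> list:
    """Run audit() over a {db_name: security_doc} mapping, preserving order."""
    findings = []
    for db_name, security in securities.items():
        findings.extend(audit(db_name, security))
    return findings


def admin_only(security: dict) -> dict:
    """Return a copy of `security` that at minimum requires the _admin role for
    reads and for administration, keeping any names/roles already present.
    This is the hardened shape the post argues should be the default."""
    hardened = {}
    for key in ("members", "admins"):
        names, roles = _names_and_roles(security.get(key))
        if "_admin" not in roles:
            roles.append("_admin")
        hardened[key] = {"names": names, "roles": roles}
    return hardened


# Constructed sample documents (not real deployments).
SAMPLE_DOCS = {
    "customers": {},                                   # result of PUT '{}'
    "orders": {"members": {"names": [], "roles": []},  # explicitly empty
               "admins": {"roles": ["_admin"]}},
    "internal": {"members": {"roles": ["_admin"]},     # admin-only default
                 "admins": {"roles": ["_admin"]}},
    "crm": {"members": {"names": ["alice"], "roles": ["sales"]},
            "admins": {"names": ["bob"]}},
}


def public_databases(securities: dict) -> list:
    """Names of databases that are readable by anyone."""
    return [f.db for f in audit_all(securities) if f.severity == "high"]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_DOCS):
        print(f"[{finding.severity}] {finding.db}: {finding.reason}")
    print("hardened customers doc:", admin_only(SAMPLE_DOCS["customers"]))
```

Running it against a real server only changes where the documents come from; the decision logic is the same, and the `high` findings are exactly the databases that a single empty-string error in a deployment script would expose.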