Roger, If you want folks to be able to sign up by themselves, using nothing but a CouchApp, you must leave the _user database readable to anyone. For certain apps--where the users' profiles are public anyways--having the _user DB world-readable doesn't necessarily matter.
If I didn't want the _users database to be readable, I'd create a frontend webapp (using my favorite HTTP scripting environment at the moment) to create users via an admin account. Cheers, Zach On Wed, Nov 3, 2010 at 4:07 AM, <[email protected]> wrote: >> To create a normal user with a role of "reader", just PUT >> {"name":"username","roles":["reader"]....} to >> /_users/org.couchdb.user:username > > OK ... but what about the password? Is there a complete example > anywhere of this working? > > I managed to stumble through it all last night by logging out and then > using the sign up process, except that when you have security on the > _users database (which seems prudent) you don't have any rights to > access it because you are signed out! So in order to do it, you have > to turn security OFF, then create the users and then remember to turn > security back on. Seems a bit crazy no? > > Shouldn't Futon have the ability to create normal users and shouldn't > this be an activity restricted to administrators? > > I know one can argue that you can add security via a proxy, but that > instantly makes the whole setup doubly complicated and shouldn't be > the default option. > > Roger >
