force desktopcouch auth on

Bug #427446 reported by Chad Miller on 2009-09-10
This bug affects 1 person
Affects: desktopcouch
Importance: Critical
Assigned to: Chad Miller

Bug Description

No one should be able to connect to couchdb without being authorized. In addition to the admin account for Futon, we must protect direct access to couchdb using oauth.

The records interface must speak oauth correctly, and the replicating servers must each know the oauth tokens of the remote end.

The INI file we use for desktop couch must force auth to be enabled. We think this should be in a system INI file for desktopcouch that we read when starting up couchdb.

Chad Miller (cmiller) wrote :

This may just be a matter of making a new file at
  /etc/desktopcouch/default.ini
and packing it with the setting, and making the couchdb launcher in d-c load it.

tags: added: ubuntuone-karmic

Stuart Langridge (sil) wrote :

In the source tree, config/desktop-couch/compulsory-auth.ini should end up in the desktopcouch package as /etc/xdg/desktop-couch/compulsory-auth.ini, but it does not seem to be so. Reassigning to Chad as a packaging bug.

Changed in desktopcouch:
assignee: Stuart Langridge (sil) → Chad Miller (cmiller)

Chad Miller (cmiller) wrote :

User configs already start with auth enabled. The system-level config is extra paranoia to make things secure by default, if a user config file is missing or broken.

See also: #438800
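
The layering discussed in this thread, as an added example that is not desktopcouch's own code: it merges a chain of INI files in load order and reports whether auth ends up enforced when the user file is missing, broken, or turns auth off. It assumes later files override earlier ones and that the setting is CouchDB's `[couch_httpd_auth] require_valid_user`; `effective_auth`, `demo` and the file contents are constructed for illustration.

```python
import configparser
import os
import tempfile

# Assumption: the compulsory file sets CouchDB's [couch_httpd_auth]
# require_valid_user switch; the page does not name the setting.
SECTION, KEY = "couch_httpd_auth", "require_valid_user"


def effective_auth(ini_chain):
    """Merge INI files in load order (later wins); return (enforced, notes)."""
    merged = configparser.ConfigParser(interpolation=None)
    notes = []
    for path in ini_chain:
        if not os.path.isfile(path):
            notes.append(f"missing: {path}")
            continue
        layer = configparser.ConfigParser(interpolation=None)
        try:
            layer.read(path)  # parse errors propagate from read()
        except configparser.Error as exc:
            notes.append(f"broken: {path} ({type(exc).__name__})")
            continue
        merged.read_dict(layer)
    value = merged.get(SECTION, KEY, fallback="false").strip().lower()
    return value == "true", notes


def demo():
    """Constructed files: one system file, three states of the user file."""
    on, off = f"[{SECTION}]\n{KEY} = true\n", f"[{SECTION}]\n{KEY} = false\n"
    users = {"missing": None, "broken": f"{KEY} = true\n", "disabled": off}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        system = os.path.join(tmp, "compulsory-auth.ini")
        with open(system, "w") as fh:
            fh.write(on)
        for state, text in users.items():
            user = os.path.join(tmp, f"user-{state}.ini")
            if text is not None:
                with open(user, "w") as fh:
                    fh.write(text)
            results[state] = tuple(effective_auth(chain)[0] for chain in
                                   ([user], [system, user], [user, system]))
    return results

if __name__ == "__main__":
    for state, flags in demo().items():
        print(state, dict(zip(("user only", "system first", "system last"), flags)))
```

Under these assumptions, a system file loaded first covers a missing or broken user file, but only a system file loaded last overrides a user file that switches auth off.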

Changed in desktopcouch:
status: Confirmed → Fix Released