Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Fauxton and CouchDB v3.3.3 refuse to log on non-server admin users #5278

Answered by fangq
fangq asked this question in General
Discussion options

Previously, both server admins or a user can log on fauxton. After the _all_dbs was disabled, only server admins can log on fauxton.

if log on with a non server-admin, an unauthorized error (401) is reported

Failed to load resource: the server responded with a status of 401 (Unauthorized)
Understand this error
Uncaught (in promise) Error: You are not a server admin.

is the only way to re-enable _all_dbs endpoint for non-admin access?
You must be logged in to vote

after setting admin_only_all_dbs = false, fauxton is working again for non-server-admin accounts.

I guess the real question is: what is the risk of setting admin_only_all_dbs to false? other than all users can see the available databases, are there any other safety risks that I should be paying attention?

Replies: 1 comment 4 replies

Comment options

after setting admin_only_all_dbs = false, fauxton is working again for non-server-admin accounts.

I guess the real question is: what is the risk of setting admin_only_all_dbs to false? other than all users can see the available databases, are there any other safety risks that I should be paying attention?
You must be logged in to vote
4 replies
Comment options

janl Oct 4, 2024
Collaborator

other than all users can see the available databases, are there any other safety risks that I should be paying attention?

that and that anyone, even non-users can see the list of all databases.
Comment options

@jani, I understand that setting this flag will allow even anonymous users to see the list of all databases.

however, it looks like fauxton requires _all_dbs for logging on with a non-server-admin, but non-anonymous user account.

if I turn this flag back to true - are there other flags that I can set to allow fauxton to admit database-specific admins?
Comment options

Uhm, i and l are not the same letters. May I recommend not typing usernames manually, @fangq? Or using GitHub’s autocomplete when you start mentioning someone in an issue?
Comment options

Sorry, did use auto completion, but somehow did not show the link properly. Will check next time
Answer selected by janl
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet

AltStyle によって変換されたページ (->オリジナル) /