Only admins should be able to write to any record

Tour-de-Force / couchdb-config

Configuration for the CouchDB server

0 stars 1 forks source link

Only admins should be able to write to any record #2

Open samfalconer opened 7 years ago

samfalconer commented 7 years ago

This will ensure all updates go through the server.

jsieber commented 7 years ago

I noticed that I can edit or delete data from the points table without authenticating. We should probably require login for this like the users table.

samfalconer commented 7 years ago

Navigate to CouchDB admin interface
Edit whatever you want

Results - Non-admin edits are allowed Expected - Read-only access for world (admin needed for any edits)