-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reporter error code 401 - wiki correction? #4
Comments
In case it went to your junk folder, I replied to your email with more details on this. |
I got your mail, had a look to your DB and logs, and have been thinking about it since. Unless it changed recently, CouchDB's security model is the following (Matt Woodward's blog post is the best summary of this topic):
So, in your case, I don't understand how adding the "reporter" role as a database member could have allowed your report user to PUT reports in your Database. There might have been something else... are you sure that the attempts that were receiving 401 errors were made with the correct reporter credentials in your ACRA configuration ? |
I removed "reporter" role from the member list and AFAIK am following the wiki instructions to the letter. I can log in manually to futon with the reporter credentials, so it doesn't look like a password typo. I continue to get a 401 error:
One time I did get a different error. In case it helps:
|
I also tried using regular http: instead of https: in my Java app. That also didn't seem to help. Do I need to use a salted/hashed password in the Java annotation? It's just plain text right now. I just tried using the admin credentials instead in my app. Now I get a 403 error:
I tried manually deleting the cached stacktrace files in the app's data directory, but that didn't change the 403 error. |
For now I'm going to add reporter back as a member to the acra-storage db, so that the my team can start using it. In case you look into my db and are confused. |
Hmmm, from what I'm reading, there is no kind of "write-only" user as of couchdb 1.2. I don't think Matt Woodward's post is correct when he says anonymous writes are allowed on a db with readers assigned. Here's a (rather old) bug report but it does seem to refer to version 1.2: This is consistent with what I've read on stackoverflow as well: a user can either (read and write) or nothing. With a validation function you can effectively achieve read-only access, as you well know. But there's no built-in mechanism for write-only access from what I've seen so far. I'm sure you've read into this much more than me, so if you have other references besides Woodward, I'd be curious to read them. |
What about creating an encrypted database that the reporter can write (and read). Then somehow this gets replicated and unencrypted to another database which only the reader can read. Another idea out the wazoo: Can the validator from one database write to another database? The reporter's database validator would just validate and forward the information to the "real" destination db (which perhaps has a different validator). |
I had the exact same problem tonight. Followed the instructions with iriscouch. Originally had |
I'm sorry, I've been misled by the previously cited blog post. I just figured out that my own reporter user was also a reader. This is really embarrassing, I did not want reporter users to be able to
|
jquery.couchLogin.js doesn't seem very extendable, but couldn't we change script/app.js so that it checks I guess it doesn't actually fix people logging in with the api and accessing it that way. |
The problem is that someone who gets the reporter user credentials will I think that all we can do for the moment is warn devs that their
|
I saw you posted on https://issues.apache.org/jira/browse/COUCHDB-1287?focusedCommentId=13585238&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13585238 I've voted up the issue as well. |
Any good ideas for a clean and simple way to do that with an open-source project on github? My first thought was to create a class that doesn't get committed to the repository (but would that violate GPL?): UncommittedClass.java
MyApp.java
You could still get the strings by decompiling but at least it wouldn't be hanging out in the wind for all to see. |
Yes @littleguy77 , I think this can be a simple and sufficient way. We should include the formUri as well in the UncommittedClass. |
Is it potentially possible to create an insert only user, or do we need to handle this security issue with a small proxy app to keep the user/pass out of the app? |
I updated the wiki with:
|
I noticed you added the instructions to the wiki to include the "reader" role as a member of the "acra-foo" database. However, when I do this, I can no longer submit reports (401 error). I added the "reporter" role as a second member of "acra-foo" and that allowed me to submit reports again. But is that the correct solution? Did I miss a step somewhere in the wiki?
The text was updated successfully, but these errors were encountered: