Illegal DB creation permitted #1644
Closed
Comments
The problem is here. We only match the suffix of the database and don't check validity of the prefix. |
iilyak
added a commit
to cloudant/couchdb
that referenced
this issue
Oct 8, 2018
Previously we only checked that the suffix of the database is matching one of the predefined system databases. We really should check the prefix against DBNAME_REGEXP to prevent creation of illegaly named databases. This fixes apache#1644
iilyak
added a commit
to cloudant/couchdb
that referenced
this issue
Oct 8, 2018
Previously we only checked that the suffix of the database is matching one of the predefined system databases. We really should check the prefix against DBNAME_REGEXP to prevent creation of illegally named databases. This fixes apache#1644
iilyak
added a commit
to cloudant/couchdb
that referenced
this issue
Oct 8, 2018
Previously we only checked that the suffix of the database is matching one of the predefined system databases. We really should check the prefix against DBNAME_REGEXP to prevent creation of illegally named databases. This fixes apache#1644
iilyak
added a commit
to cloudant/couchdb
that referenced
this issue
Oct 8, 2018
Previously we only checked that the suffix of the database is matching one of the predefined system databases. We really should check the prefix against DBNAME_REGEXP to prevent creation of illegally named databases. This fixes apache#1644
iilyak
added a commit
to cloudant/couchdb
that referenced
this issue
Oct 8, 2018
Previously we only checked that the suffix of the database is matching one of the predefined system databases. We really should check the prefix against DBNAME_REGEXP to prevent creation of illegally named databases. This fixes apache#1644
iilyak
added a commit
to cloudant/couchdb
that referenced
this issue
Oct 10, 2018
Previously we only checked that the suffix of the database is matching one of the predefined system databases. We really should check the prefix against DBNAME_REGEXP to prevent creation of illegally named databases. This fixes apache#1644
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reported/asked about here: https://stackoverflow.com/q/52636973/13860
Expected Behavior
Creating a database called
!abcdef/_users
should fail, due to invalid DB name.Current Behavior
DB creation succeeds:
Possible Solution
Seems likely that the "special case" for
_users
is just too permissive, such as a regex not bound to the beginning of the string, or a similar error.Steps to Reproduce (for bugs)
See curl command above.
Your Environment
The text was updated successfully, but these errors were encountered: