nmr8acme edited this page Mar 26, 2014 · 6 revisions

Acralyzer security policy

CouchDB implements a low level security model which you wouldn't describe as "flexible".

After a fresh install, a CouchDB instance is in "Admin Party" mode. This means that EVERYONE is admin, without any authentication, with full CRUD rights on all databases.

So the first thing you need to do is define an admin account. This can be done easily through the Futon UI (usually http://your.couchdb.host:port/_utils; on Cloudant you reach it through the Cloudant dashboard, but Cloudant instances are never in Admin Party mode).

To exit Admin Party mode, define an admin account via Futon by clicking the "Fix This" link in the bottom right corner of the Futon webpage.

Once you define an admin user, only admins can create or delete databases and "design documents" (the documents that hold the core application behaviour). Any other user, anonymous ones included, can still read, write and delete non-design documents.

CouchApp developers can configure who can create/edit documents in a dedicated validation function, but read access can only be enforced at a whole database level, not per document.

For Acralyzer, we defined that we needed:

  • an authenticated user to write reports in the database. Its credentials will be provided in the ACRA configuration in the Android application.
  • other authenticated users authorized to read reports
  • anonymous users capable of loading the user interface so that they can authenticate themselves as reports readers

This gave birth to a system with 2 databases:

  • acra-storage: reports repository
    • users with role "reporter" can write reports
    • users with role "reader" can read all data in the database.
    • anonymous readers can't read or write anything
  • acralyzer: user interface
    • anonymous users can read all data (this is mandatory if we want to let them load the user interface before authenticating...). There is NO data related to your crashes in this database.
    • once authenticated, a "reader" user can actually read reports data from acra-storage through the user interface served by acralyzer
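As an added example (not Acralyzer's own design document), here is how the write side of the acra-storage rules above can be expressed in CouchDB: a `_security` document that limits membership to the "reporter" and "reader" roles, so anonymous users get nothing, and a `validate_doc_update` function that accepts report writes only from "reporter" (or admin) users. The `_security` shape and the `validate_doc_update(newDoc, oldDoc, userCtx, secObj)` signature are standard CouchDB; the sample documents and user contexts are constructed for illustration.

```javascript
// Added example modelled on the acra-storage rules described above.
// This is not Acralyzer's own code.

// _security document for the acra-storage database (PUT /acra-storage/_security).
// Only server admins and the listed members may read or write. Because the
// members section is non-empty, anonymous users are refused before any
// validation function runs, which gives "anonymous can't read or write anything".
const acraStorageSecurity = {
  admins: { names: [], roles: [] },
  members: { names: [], roles: ["reporter", "reader"] },
};

// validate_doc_update as it would sit in the design document. CouchDB calls
// it with the new document, the existing revision (or null), the user context
// ({ name, roles }) and the database _security object, and treats a thrown
// { forbidden: "..." } as a rejected write.
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
  const isAdmin = userCtx.roles.indexOf("_admin") !== -1;
  const hasRole = (role) => userCtx.roles.indexOf(role) !== -1;

  // Design documents define application behaviour. CouchDB already reserves
  // them for admins; the explicit check documents the rule in one place.
  if (newDoc._id.indexOf("_design/") === 0) {
    if (!isAdmin) throw { forbidden: "Only admins may change design documents" };
    return;
  }

  // Crash reports may be written only by "reporter" (or admin) users.
  // "reader" users can read the whole database but may not write.
  if (!isAdmin && !hasRole("reporter")) {
    throw { forbidden: "Only users with the reporter role may write reports" };
  }
}

// Offline harness: returns "ok" when the write would be accepted, otherwise
// the forbidden reason. Lets the rule be exercised without a CouchDB server.
function checkWrite(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx, acraStorageSecurity);
    return "ok";
  } catch (e) {
    return e.forbidden;
  }
}

// Constructed sample contexts: the ACRA client, a report reader, an admin.
const reporterCtx = { name: "acra-client", roles: ["reporter"] };
const readerCtx = { name: "alice", roles: ["reader"] };
const adminCtx = { name: "root", roles: ["_admin"] };
```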

Not implemented yet:

  • "readers" might be allowed to write data in the acralyzer database to store user preferences or configuration items
  • "readers" should be able to update some fields in the reports data (add comments, star, mark as fixed, etc) or delete reports.