Views don't require authentication?


#1

While evaluating Couchbase Enterprise Edition 3.0.3 I’ve noticed that I can query views without authenticating.

For example, I’m running the server on Windows 8.1. After opening port 8092 to the domain, I am able to get query results from Safari running on a Mac on the same domain using something like:

http://myWindowsMachine:8092/default/_design/MyDesignDoc/_view/MyViewName?inclusive_end=true&stale=false&connection_timeout=60000&limit=30&skip=10000

My expectation would be that any access to real data would require authentication. Is there a way to turn this on or is it just not possible?


#3

I kind of assumed this was the intended approach. I’m not sure if this will be acceptable or not for HIPAA compliance though.


#4

Hello @chrisgh,

It sounds like you have created a bucket without a password. If you configure the bucket to have a password then will not be able to query it with out the correct details. If you are using curl or httpie the user name is the bucket name.

$ http "http://localhost:8092/test/_design/MyDesignDoc/_view/MyViewName?stale=false&inclusive_end=true&connection_timeout=60000&limit=10&skip=0"
HTTP/1.1 401 Unauthorized
Cache-Control: must-revalidate
Content-Length: 54
Content-Type: text/plain;charset=utf-8
Date: Thu, 11 Jun 2015 19:48:50 GMT
Server: MochiWeb/1.0 (Any of you quaids got a smint?)
WWW-Authenticate: Basic realm="capi"

{"error":"unauthorized","reason":"password required"}

Here is example with the correct details:

$ http "http://localhost:8092/test/_design/MyDesignDoc/_view/MyViewName?stale=false&inclusive_end=true&connection_timeout=60000&limit=10&skip=0" --auth test:paddy
HTTP/1.1 200 OK
Cache-Control: must-revalidate
Content-Type: text/plain;charset=utf-8
Date: Thu, 11 Jun 2015 19:49:51 GMT
Server: MochiWeb/1.0 (Any of you quaids got a smint?)
Transfer-Encoding: chunked

{"total_rows":1,"rows":[
{"id":"hello","key":"hello","value":null}
]
}

Please note you should use the SDK to interact with view and only use curl or httpie for testing and debugging.

It also worth noting that the default bucket is treat differently and you cannot create a password for it.


#5

That was the issue. I was using the default bucket. If I create a separate bucket and set a password on the bucket I’m prompted.

Thanks!