On Feb 14, 2012, at 13:14 , Noah Slater wrote: > Devs, > > Please outline: > > - What remains to be fixed for regression purposes
I want to bring up one more thing (sorry :). /_users/_changes is currently end-user readable. While /_users/_changes?include_docs=true will not fetch docs the requesting user doesn't have access to, it still gets all doc ids in the /_users db and thus easily can generate a list of all users. I'd like to propose to make /_user/_changes also admin-only before we ship 1.2.0. Again, I'm happy to revisit and make things configurable down the road. Note that the information that a particular user is registered is leaked (a user can't sign up with a username that is already taken, from that it can be deduced that that particular username is already registered). This is in line with most signup systems. Making /_users/_changes admin-only doesn't prevent all leakage of what users have signed up, but it stops bulk-leakage of *all* users in one swoop. What do you think? Cheers Jan --
