Multi-part patch to enable white-listing of _config API values:

1. Refactor read-only config handlers to be near each other 2. Refactor PUT and DELETE config handlers to a wrapper 3. Support a whitelist for modifying the config via HTTP, itself stored in the config 4. Document the whitelist process Patch(es) by Jason Smith. Closes COUCHDB-835. git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@979242 13f79535-47bb-0310-9956-ffa450edef68
author: Jan Lehnardt <jan@apache.org> 2010-07-26 11:20:18 +0000
committer: Jan Lehnardt <jan@apache.org> 2010-07-26 11:20:18 +0000
commit: 04f3d9892ba7a16b1431f07ac5dc031ff3bf285a (patch)
tree: 51f317121851954e64f0cd83dd1943bdfbd94b01 /etc/couchdb
parent: 6121e10adfe0095247852565d860d99590be213e (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/couchdb/local.ini b/etc/couchdb/local.ini
index f20b197a..1b31933c 100644
--- a/etc/couchdb/local.ini
+++ b/etc/couchdb/local.ini
@@ -13,6 +13,13 @@
 ; Uncomment next line to trigger basic-auth popup on unauthorized requests.
 ;WWW-Authenticate = Basic realm="administrator"
 
+; Uncomment next line to set the configuration modification whitelist. Only
+; whitelisted values may be changed via the /_config URLs. To allow the admin
+; to change this value over HTTP, remember to include {httpd,config_whitelist}
+; itself. Excluding it from the list would require editing this file to update
+; the whitelist.
+;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}]
+
 [couch_httpd_auth]
 ; If you set this to true, you should also uncomment the WWW-Authenticate line
 ; above. If you don't configure a WWW-Authenticate header, CouchDB will send
author	Jan Lehnardt <jan@apache.org>	2010-07-26 11:20:18 +0000
committer	Jan Lehnardt <jan@apache.org>	2010-07-26 11:20:18 +0000
commit	04f3d9892ba7a16b1431f07ac5dc031ff3bf285a (patch)
tree	51f317121851954e64f0cd83dd1943bdfbd94b01 /etc/couchdb
parent	6121e10adfe0095247852565d860d99590be213e (diff)