Fauxton and CouchDB v3.3.3 refuse to log on non-server admin users

[fangq]

Previously, both server admins or a user can log on fauxton. After the _all_dbs was disabled, only server admins can log on fauxton.

if log on with a non server-admin, an unauthorized error (401) is reported

Failed to load resource: the server responded with a status of 401 (Unauthorized)
Understand this error
Uncaught (in promise) Error: You are not a server admin.

is the only way to re-enable _all_dbs endpoint for non-admin access?

[fangq]

after setting admin_only_all_dbs = false, fauxton is working again for non-server-admin accounts.

I guess the real question is: what is the risk of setting admin_only_all_dbs to false? other than all users can see the available databases, are there any other safety risks that I should be paying attention?

[janl]

other than all users can see the available databases, are there any other safety risks that I should be paying attention?

that and that anyone, even non-users can see the list of all databases.

[fangq]

@jani, I understand that setting this flag will allow even anonymous users to see the list of all databases.

however, it looks like fauxton requires _all_dbs for logging on with a non-server-admin, but non-anonymous user account.

if I turn this flag back to true - are there other flags that I can set to allow fauxton to admit database-specific admins?

[jani]

Uhm, i and l are not the same letters. May I recommend not typing usernames manually, @fangq? Or using GitHub’s autocomplete when you start mentioning someone in an issue?

[fangq]

Sorry, did use auto completion, but somehow did not show the link properly. Will check next time