Details
-
Bug
-
Resolution: Fixed
-
Critical
-
4.5.0
-
4.5.0-2023 on macos
-
Untriaged
-
Unknown
Description
Steps to repro:
1. Download 4.5.0-2023 on macos, I downloaded on my machine.Yosemite 10.10.5 version.
2. select beer-sample during setup of couchbase.
3. We see 2 unprotected buckets in UI: default and beer-sample.
4. create primary index on beer-sample through query tab.
Go to path: ~Downloads/couchbase-server-enterprise_4/Couchbase Server.app/Contents/Resources/couchbase-core/bin on your machine
5. Able to access both buckets through shell without username,password which is correct.
6. Edit properties of beer-sample and enter a password:pass1
7. Still able to do select * from beer-sample from cbq without any creds.
8. Tried same through curl command, get this output:
prernamanaktala@couchbases-MacBook-Pro bin $ curl -v http://127.0.0.1:8093/query/service -d 'statement=select * from `beer-sample` limit 1'
- Trying 127.0.0.1...
- Connected to 127.0.0.1 (127.0.0.1) port 8093 (#0)
> POST /query/service HTTP/1.1
> Host: 127.0.0.1:8093
> User-Agent: curl/7.43.0
> Accept: /
> Content-Length: 45
> Content-Type: application/x-www-form-urlencoded
> - upload completely sent off: 45 out of 45 bytes
< HTTP/1.1 200 OK
< Content-Length: 1369
< Content-Type: application/json; version=1.0.0
< Date: Tue, 05 Apr 2016 17:12:57 GMT
<
{
"requestID": "a7e3f709-c101-4447-bdcb-18228627a7c8",
"signature": { "*": "*" },
"results": [
{
"beer-sample":Unknown macro: { "address"}}
{ "elapsedTime": "7.392065ms", "executionTime": "7.340732ms", "resultCount": 1, "resultSize": 1055 }
],
"status": "success",
"metrics":}
- Connection #0 to host 127.0.0.1 left intact