[ https://issues.apache.org/jira/browse/COUCHDB-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15962187#comment-15962187 ]
Frederick Kämpfer commented on COUCHDB-3367: -------------------------------------------- PR: https://github.com/apache/couchdb/pull/475 > Require admin privileges for clustered _compact and _view_cleanup > ----------------------------------------------------------------- > > Key: COUCHDB-3367 > URL: https://issues.apache.org/jira/browse/COUCHDB-3367 > Project: CouchDB > Issue Type: Bug > Reporter: Frederick Kämpfer > > Contrary to what is stated in the security docs > (http://docs.couchdb.org/en/2.0.0/intro/security.html) admin privileges are > not enforced for the db/_compact and db/_view_cleanup clustered endpoints. > Since normal users should not be able to trigger compaction, either system > level or db level admin privileges should be enforced by couchdb. -- This message was sent by Atlassian JIRA (v6.3.15#6346)