[jira] [Commented] (COUCHDB-3367) Require admin privileges for clustered _compact and _view_cleanup

JIRA Sun, 09 Apr 2017 09:56:10 -0700

    [ 
https://issues.apache.org/jira/browse/COUCHDB-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15962187#comment-15962187
 ]


Frederick Kämpfer commented on COUCHDB-3367:
--------------------------------------------

PR: https://github.com/apache/couchdb/pull/475

> Require admin privileges for clustered _compact and _view_cleanup
> -----------------------------------------------------------------
>
>                 Key: COUCHDB-3367
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-3367
>             Project: CouchDB
>          Issue Type: Bug
>            Reporter: Frederick Kämpfer
>
> Contrary to what is stated in the security docs 
> (http://docs.couchdb.org/en/2.0.0/intro/security.html) admin privileges are 
> not enforced for the db/_compact and db/_view_cleanup clustered endpoints.
> Since normal users should not be able to trigger compaction, either system 
> level or db level admin privileges should be enforced by couchdb.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (COUCHDB-3367) Require admin privileges for clustered _compact and _view_cleanup

Reply via email to