[
https://issues.apache.org/jira/browse/COUCHDB-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091850#comment-16091850
]
ASF subversion and git services commented on COUCHDB-3367:
----------------------------------------------------------
Commit 3e14510b4578c846f01fb4bb1e461dad75af29e9 in couchdb's branch
refs/heads/master from ILYA Khlopotov
[ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=3e14510 ]
Use hashed password when we create admin in test
couch_server is responsible for calling hash_admin_passwords whenever
"admin" section of config changes. However as you can see it from
[here](https://github.com/apache/couchdb/blob/master/src/couch/src/couch_server.erl#L219)
the call is asynchronous. This means that our test cases might fail when
we try to using admin user while admin password is not yet hashed.
COUCHDB-3367
> Require admin privileges for clustered _compact and _view_cleanup
> -----------------------------------------------------------------
>
> Key: COUCHDB-3367
> URL: https://issues.apache.org/jira/browse/COUCHDB-3367
> Project: CouchDB
> Issue Type: Bug
> Reporter: Frederick Kämpfer
>
> Contrary to what is stated in the security docs
> (http://docs.couchdb.org/en/2.0.0/intro/security.html) admin privileges are
> not enforced for the db/_compact and db/_view_cleanup clustered endpoints.
> Since normal users should not be able to trigger compaction, either system
> level or db level admin privileges should be enforced by couchdb.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
