[ https://issues.apache.org/jira/browse/COUCHDB-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091850#comment-16091850 ]
ASF subversion and git services commented on COUCHDB-3367: ---------------------------------------------------------- Commit 3e14510b4578c846f01fb4bb1e461dad75af29e9 in couchdb's branch refs/heads/master from ILYA Khlopotov [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=3e14510 ] Use hashed password when we create admin in test couch_server is responsible for calling hash_admin_passwords whenever "admin" section of config changes. However as you can see it from [here](https://github.com/apache/couchdb/blob/master/src/couch/src/couch_server.erl#L219) the call is asynchronous. This means that our test cases might fail when we try to using admin user while admin password is not yet hashed. COUCHDB-3367 > Require admin privileges for clustered _compact and _view_cleanup > ----------------------------------------------------------------- > > Key: COUCHDB-3367 > URL: https://issues.apache.org/jira/browse/COUCHDB-3367 > Project: CouchDB > Issue Type: Bug > Reporter: Frederick Kämpfer > > Contrary to what is stated in the security docs > (http://docs.couchdb.org/en/2.0.0/intro/security.html) admin privileges are > not enforced for the db/_compact and db/_view_cleanup clustered endpoints. > Since normal users should not be able to trigger compaction, either system > level or db level admin privileges should be enforced by couchdb. -- This message was sent by Atlassian JIRA (v6.4.14#64029)