[jira] [Commented] (COUCHDB-3367) Require admin privileges for clustered _compact and _view_cleanup
[ https://issues.apache.org/jira/browse/COUCHDB-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16091849#comment-16091849 ] ASF subversion and git services commented on COUCHDB-3367: -- Commit 3523bab304cc031b9fcc150080ff539d9f76dabb in couchdb's branch refs/heads/master from ILYA Khlopotov [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=3523bab ] Rename unused variables COUCHDB-3367 > Require admin privileges for clustered _compact and _view_cleanup > - > > Key: COUCHDB-3367 > URL: https://issues.apache.org/jira/browse/COUCHDB-3367 > Project: CouchDB > Issue Type: Bug >Reporter: Frederick Kämpfer > > Contrary to what is stated in the security docs > (http://docs.couchdb.org/en/2.0.0/intro/security.html) admin privileges are > not enforced for the db/_compact and db/_view_cleanup clustered endpoints. > Since normal users should not be able to trigger compaction, either system > level or db level admin privileges should be enforced by couchdb. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (COUCHDB-3367) Require admin privileges for clustered _compact and _view_cleanup
[ https://issues.apache.org/jira/browse/COUCHDB-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16091850#comment-16091850 ] ASF subversion and git services commented on COUCHDB-3367: -- Commit 3e14510b4578c846f01fb4bb1e461dad75af29e9 in couchdb's branch refs/heads/master from ILYA Khlopotov [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=3e14510 ] Use hashed password when we create admin in test couch_server is responsible for calling hash_admin_passwords whenever "admin" section of config changes. However as you can see it from [here](https://github.com/apache/couchdb/blob/master/src/couch/src/couch_server.erl#L219) the call is asynchronous. This means that our test cases might fail when we try to using admin user while admin password is not yet hashed. COUCHDB-3367 > Require admin privileges for clustered _compact and _view_cleanup > - > > Key: COUCHDB-3367 > URL: https://issues.apache.org/jira/browse/COUCHDB-3367 > Project: CouchDB > Issue Type: Bug >Reporter: Frederick Kämpfer > > Contrary to what is stated in the security docs > (http://docs.couchdb.org/en/2.0.0/intro/security.html) admin privileges are > not enforced for the db/_compact and db/_view_cleanup clustered endpoints. > Since normal users should not be able to trigger compaction, either system > level or db level admin privileges should be enforced by couchdb. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (COUCHDB-3367) Require admin privileges for clustered _compact and _view_cleanup
[ https://issues.apache.org/jira/browse/COUCHDB-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15962187#comment-15962187 ] Frederick Kämpfer commented on COUCHDB-3367: PR: https://github.com/apache/couchdb/pull/475 > Require admin privileges for clustered _compact and _view_cleanup > - > > Key: COUCHDB-3367 > URL: https://issues.apache.org/jira/browse/COUCHDB-3367 > Project: CouchDB > Issue Type: Bug >Reporter: Frederick Kämpfer > > Contrary to what is stated in the security docs > (http://docs.couchdb.org/en/2.0.0/intro/security.html) admin privileges are > not enforced for the db/_compact and db/_view_cleanup clustered endpoints. > Since normal users should not be able to trigger compaction, either system > level or db level admin privileges should be enforced by couchdb. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
