[COUCHDB-3367] Require admin privileges for clustered _compact and _view_cleanup - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

Contrary to what is stated in the security docs (http://docs.couchdb.org/en/2.0.0/intro/security.html) admin privileges are not enforced for the db/_compact and db/_view_cleanup clustered endpoints.

Since normal users should not be able to trigger compaction, either system level or db level admin privileges should be enforced by couchdb.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Frederick Kämpfer

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 08/Apr/17 20:25

Updated:: 02/Sep/18 07:06

Resolved:: 02/Sep/18 07:06