  1. CouchDB
  2. COUCHDB-3367

Require admin privileges for clustered _compact and _view_cleanup

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels: None

      Description

      Contrary to what is stated in the security docs (http://docs.couchdb.org/en/2.0.0/intro/security.html), admin privileges are not enforced for the db/_compact and db/_view_cleanup clustered endpoints.

      Since normal users should not be able to trigger compaction, either system-level or db-level admin privileges should be enforced by CouchDB.

        Activity

        fkaempfer Frederick Kämpfer added a comment - PR: https://github.com/apache/couchdb/pull/475
        jira-bot ASF subversion and git services added a comment -

        Commit 3523bab304cc031b9fcc150080ff539d9f76dabb in couchdb's branch refs/heads/master from ILYA Khlopotov
        [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=3523bab ]

        Rename unused variables

        COUCHDB-3367

        jira-bot ASF subversion and git services added a comment -

        Commit 3e14510b4578c846f01fb4bb1e461dad75af29e9 in couchdb's branch refs/heads/master from ILYA Khlopotov
        [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=3e14510 ]

        Use hashed password when we create admin in test

        couch_server is responsible for calling hash_admin_passwords whenever the
        "admin" section of the config changes. However, as you can see from
        [here](https://github.com/apache/couchdb/blob/master/src/couch/src/couch_server.erl#L219)
        the call is asynchronous. This means that our test cases might fail when
        we try to use the admin user while the admin password is not yet hashed.

        COUCHDB-3367


          People

          • Assignee: Unassigned
          • Reporter: fkaempfer Frederick Kämpfer