Details
- Bug
- Status: Closed
- Major
- Resolution: Won't Fix
Description
Contrary to what is stated in the security docs (http://docs.couchdb.org/en/2.0.0/intro/security.html), admin privileges are not enforced for the db/_compact and db/_view_cleanup clustered endpoints.
Since normal users should not be able to trigger compaction, either system-level or db-level admin privileges should be enforced by CouchDB.
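
A check an operator can run against their own test cluster to see whether the two endpoints named above reject a non-admin account. This is an added example, not part of the original report or CouchDB's own code; the base URL, database name and credentials are constructed placeholders, and `audit`/`http_post` are hypothetical helper names.

```python
import base64
import urllib.error
import urllib.parse
import urllib.request

# Endpoints named in the report; both are POST requests in the CouchDB HTTP API.
ADMIN_ONLY_ENDPOINTS = ("_compact", "_view_cleanup")


def http_post(url, user, password):
    """POST an empty body with basic auth and return the HTTP status code."""
    req = urllib.request.Request(url, data=b"", method="POST")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # 4xx/5xx responses arrive as exceptions; the code is what we need.
        return err.code


def audit(base_url, db, user, password, post=http_post):
    """Return {endpoint: verdict} for requests made as a non-admin user.

    `post` is injectable so the classification can be exercised offline.
    """
    db_path = urllib.parse.quote(db, safe="")
    results = {}
    for endpoint in ADMIN_ONLY_ENDPOINTS:
        url = f"{base_url.rstrip('/')}/{db_path}/{endpoint}"
        status = post(url, user, password)
        if status in (401, 403):
            results[endpoint] = "enforced"
        elif 200 <= status < 300:
            results[endpoint] = "NOT enforced"
        else:
            results[endpoint] = f"inconclusive (HTTP {status})"
    return results


if __name__ == "__main__":
    # Constructed values: point these at a test cluster and a non-admin account.
    report = audit("http://127.0.0.1:5984", "testdb", "alice", "alice-pw")
    for endpoint, verdict in report.items():
        print(f"{endpoint}: {verdict}")
```

Use a throwaway database: a request that is accepted starts the compaction or view cleanup it asks for.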