Dear Devs,

I was playing around with CouchDB 0.10.0 and I was wondering why it's possible to trigger compaction unauthorized; I am also able to view _log. I am not ready yet, just testing other handlers too. Altogether I think that's a security issue, or is there a reason for this? I do not know.

Just take a look at http://jchrisa.net/_log ;-)

I think this information should be hidden from guest users. I am going to learn Erlang in the next couple of days, weeks, months, but for now I could not provide a patch for this. Chris guesses this would be a simple one-line patch with check_is_admin. I think I can do this next week.

What do you think?

Thx a lot.
mario


--
Sourcegarden GmbH HR: B-104357
Steuernummer: 37/167/21214 USt-ID: DE814784953
Geschaeftsfuehrer: Mario Scheliga, Rene Otto
Bank: Deutsche Bank, BLZ: 10070024, KTO: 0810929
Schoenhauser Allee 51, 10437 Berlin
