Frederick Kämpfer created COUCHDB-3367:
------------------------------------------
Summary: Require admin privileges for clustered _compact and
_view_cleanup
Key: COUCHDB-3367
URL: https://issues.apache.org/jira/browse/COUCHDB-3367
Project: CouchDB
Issue Type: Bug
Reporter: Frederick Kämpfer
Contrary to what is stated in the security docs
(http://docs.couchdb.org/en/2.0.0/intro/security.html) admin privileges are not
enforced for the db/_compact and db/_view_cleanup clustered endpoints.
Since normal users should not be able to trigger compaction, either system
level or db level admin privileges should be enforced by couchdb.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
