fkaempfer opened a new pull request #475: COUCHDB-3367: Require server admin user for db/_compact and db/_view_cleanup endpoints URL: https://github.com/apache/couchdb/pull/475 ## Overview This PR adds a one-line admin security check to the db/_compact and db/_view_cleanup endpoints, which are currently missing. This implements only server level admin checks according to this blog: http://blog.mattwoodward.com/2012/03/definitive-guide-to-couchdb.html ## Testing recommendations Currently all members of a database can trigger db compaction by sending a POST request to /db/_compact. This should be reserved to admins. Test by sending a POST request as a db member before and after applying this patch. ## JIRA issue number COUCHDB-3367 ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
With regards, Apache Git Services
