You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by gi...@git.apache.org on 2017/04/08 20:31:28 UTC

[GitHub] fkaempfer opened a new pull request #475: COUCHDB-3367: Require server admin user for db/_compact and db/_view_cleanup endpoints

fkaempfer opened a new pull request #475: COUCHDB-3367: Require server admin user for db/_compact and db/_view_cleanup endpoints
URL: https://github.com/apache/couchdb/pull/475
 
 
   ## Overview
   
   This PR adds a one-line admin security check to the db/_compact and db/_view_cleanup endpoints, which are currently missing. This implements only server level admin checks according to this blog: http://blog.mattwoodward.com/2012/03/definitive-guide-to-couchdb.html
   
   ## Testing recommendations
   Currently all members of a database can trigger db compaction by sending a POST request to /db/_compact. This should be reserved to admins. Test by sending a POST request as a db member before and after applying this patch.
   
   ## JIRA issue number
   
   COUCHDB-3367
   
   
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services