Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-10023

Docs for SERVER-9609: Ensure users can only call getMore on cursors they created

    • Type: Icon: Task Task
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • mongodb-3.6, 3.5.5
    • Affects Version/s: None
    • Component/s: Server
    • Labels:
      None

      Documentation Request Summary:

      If authentication is turned on, then users may only issue getMores against cursors they created.

      Engineering Ticket Description:

      A ClientCursor should be associated with the set of users that were authenticated when it was created. A getMore should only succeed if the intersection of currently authenticated users and the set of users associated with the ClientCursor is nonempty (or the set of users associated with the ClientCursor is empty).

            Assignee:
            pavithra.vetriselvan@mongodb.com Pavithra Vetriselvan
            Reporter:
            emily.hall Emily Hall
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:
              6 years, 37 weeks, 2 days ago