Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-13734

Could we please update our documentation regarding implicit eq parameter

XMLWordPrintableJSON

      Description

      Hello,

      During investigation of potential security issue in SECURITY-650, we have discussed how MongoDB is using implicit $eq parameter. This just the property of our query language and it makes it much simpler for hundreds of applications out there to write simple eq queries.

      Practical example mentioned there was: { x: 1 } and { x: {$eq: 1} } are the same because we use implicitly use eq parameter.

       

      Nevertheless, when searching the external documentation, we found that this implicit eq parameter is mentioned in our documentation, but perhaps not as clearly as it should. Examples links that we found: link1 and link2.

      This may then result in some of our clients or security researchers not understanding this query language property and they may write insecure applications or incorrectly raise this as security vulnerability.

       

      Therefore, I was wondering if we could please update our documentation to make it clearer that eq parameter is implicit? 

       

      Please let me know if this is not the right way how to raise this or if you have any questions.

      Thank you!

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

            Assignee:
            dave.cuthbert@mongodb.com Dave Cuthbert (Inactive)
            Reporter:
            boris.sieklik@mongodb.com Boris Sieklik
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:
              3 years, 33 weeks, 2 days ago