-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
Description
Hello,
During investigation of potential security issue in SECURITY-650, we have discussed how MongoDB is using implicit $eq parameter. This just the property of our query language and it makes it much simpler for hundreds of applications out there to write simple eq queries.
Practical example mentioned there was: { x: 1 } and { x: {$eq: 1} } are the same because we use implicitly use eq parameter.
Nevertheless, when searching the external documentation, we found that this implicit eq parameter is mentioned in our documentation, but perhaps not as clearly as it should. Examples links that we found: link1 and link2.
This may then result in some of our clients or security researchers not understanding this query language property and they may write insecure applications or incorrectly raise this as security vulnerability.
Therefore, I was wondering if we could please update our documentation to make it clearer that eq parameter is implicit?
Please let me know if this is not the right way how to raise this or if you have any questions.
Thank you!