- BSON corpus tests have been updated. Drivers should sync to mongodb/specifications@db7eb39.
- Drivers should add a new constant corresponding to BSON binary subtype 0x08. "Sensitive" should be included in its identifier (e.g. BinDataType::Sensitive or BSON_SUBTYPE_SENSITIVE).
Summary
Introducing BSON Binary Data subtype 8: Sensitive.
Motivation
Who is the affected end user?
First and foremost, query stats users who wish to supply their own HMAC key will do so via this subtype.
How does this affect the end user?
Sensitive binary data are excluded from logging wherever possible, creating more security for sensitive values like HMAC keys.
How likely is it that this problem or use case will occur?
This will affect all query stats calls.
If the problem does occur, what are the consequences and how severe are they?
Without proper support for this subtype, users will not be able to use custom HMAC keys for query stats due to IDL binary data subtype validation.
Is this issue urgent?
A little. Query stats is not yet GA, but will be soon.
Is this ticket required by a downstream team?
Needed by query stats (and by extension, Atlas).
Is this ticket only for tests?
No.
- depends on
-
SERVER-78082 Ensure $queryStats HMAC key argument is not logged
- Closed
- split to
-
JAVA-5092 Add BSON Binary Data subtype Sensitive
- Closed
-
PHPC-2267 Support BSON Binary subtype 0x08 (sensitive)
- Closed
-
CXX-2722 Add binary data type Sensitive to the CXX driver
- Closed
-
PYTHON-3893 Add BSON Binary Data subtype Sensitive
- Closed
-
NODE-5506 Add BSON Binary Data subtype Sensitive
- Closed
-
CDRIVER-4700 Add BSON Binary Data subtype Sensitive
- Closed
-
CSHARP-4739 Add BSON Binary Data subtype Sensitive
- Closed
-
GODRIVER-2926 Add BSON Binary Data subtype Sensitive
- Closed
-
MOTOR-1166 Add BSON Binary Data subtype Sensitive
- Closed
-
RUBY-3309 Add BSON Binary Data subtype Sensitive
- Closed
-
RUST-1716 Add BSON Binary Data subtype Sensitive
- Closed