Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-928

Change security constraints for command monitoring

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Won't Do
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None

    Description

      The constraints for redacting security-sensitive commands in command monitoring require the driver to check the command name against a pre-defined list (https://github.com/mongodb/specifications/blob/master/source/command-monitoring/command-monitoring.rst#security).

      However, this gets complicated by things like speculative authentication, which mandates that drivers redact isMaster if the speculativeAuthenticate field is present. This is error prone because sending an isMaster command with that field does not guarantee that the reply will also have the field, so a driver checking both the request and response might redact the started event but publish the finished event.

      This can be simplified by mandating that drivers must not publish events for any commands sent during the handshake, authentication, or SDAM routines. This way, any commands explicitly sent by the user are monitored and commands internally started by the driver are not.

      Attachments

        Activity

          People

            Unassigned Unassigned
            divjot.arora@mongodb.com Divjot Arora (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: