Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 3.6.0
Affects Version/s: None
Component/s: API, Configuration
Labels:
None

Epic Link:
Java MongoDB 3.6 Support
Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

As a consequence of privilege delegation in MongoDB, a MongoClient must eagerly authenticate all credentials that it has been provided. It does not know whether a user has been granted a privilege in another database (e.g. a user defined in database "db1" may have been granted a privilege to read from database "db2"). This makes it dangerous in general to create a MongoClient with more than one credential.

In addition, the session support added in MongoDB 3.6 requires that only a single user is authenticated.

is depended on by

DRIVERS-419 Deprecate lazy authentication and MongoClient constructors that take multiple credentials.

Closed

is related to

JAVA-2117 Document how to use connection string with multiple credentials

Closed

Assignee:: Jeffrey Yemin
Reporter:: Rathi Gnanasekaran (Inactive)
Reviewers:: None
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Nov 10 2017 05:31:19 PM UTC
Updated:: Oct 29 2023 02:32:30 AM UTC
Resolved:: Nov 15 2017 02:22:22 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates