  1. Python Driver
  2. PYTHON-464

PyMongo should disallow multiple authentications to the same database in a single client instance.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5
    • Component/s: None
    • Labels: None

      Description

      PyMongo currently allows a single MongoClient/MongoReplicaSetClient instance to authenticate to the same database multiple times using different credentials. This has a few problems:

      • The credential cache only supports one set of credentials per database. Each subsequent authentication overwrites the previous credential cache entry.
      • MongoDB logs out the previous user and logs in the new user. This is expected, to avoid privilege escalation, but if the next user has only read-only privileges, all previous authentications become read-only.
      • Trying to fix the above issues when there are more concurrent users than the size of the connection pool will lead to terrible performance issues.

      Going forward, PyMongo will raise an exception if Database.authenticate would cause the credential cache entry for a database to be overwritten (multiple calls to Database.authenticate with the same credentials will continue to work). To support multiple concurrent users of a single database, multiple MongoClient/MongoReplicaSetClient instances will be required.

      Note: You will still be able to authenticate to multiple different databases using a single client instance.
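
A model of the rule described above, added here as an illustration; it is not PyMongo's code. The class, exception and function names are hypothetical, and the user names and passwords are constructed sample values.

```python
class CredentialConflict(Exception):
    """A different credential is already cached for this database."""


class ClientCredentialCache:
    """Stands in for one client instance: one credential per database name."""

    def __init__(self):
        self._by_db = {}  # database name -> (username, password)

    def authenticate(self, db_name, username, password):
        cached = self._by_db.get(db_name)
        if cached is None:
            self._by_db[db_name] = (username, password)
            return "cached"
        if cached == (username, password):
            # Repeating the same credentials is harmless and keeps working.
            return "unchanged"
        # Refuse instead of overwriting: an overwrite would silently switch
        # every user of this client to the new user's privileges.
        # The message names only the database, never a password.
        raise CredentialConflict(
            "database %r is already authenticated with other credentials "
            "on this client" % db_name)

    def user_for(self, db_name):
        entry = self._by_db.get(db_name)
        return entry[0] if entry else None


def demo():
    """Walk through the cases in the description with constructed users."""
    a, b = ClientCredentialCache(), ClientCredentialCache()
    results = {}
    results["first"] = a.authenticate("app", "writer", "w-pass")
    results["repeat"] = a.authenticate("app", "writer", "w-pass")
    try:
        a.authenticate("app", "reader", "r-pass")
        results["conflict"] = False
    except CredentialConflict:
        results["conflict"] = True
    results["app_user"] = a.user_for("app")  # original entry is preserved
    # A different database on the same client is still allowed.
    results["other_db"] = a.authenticate("reports", "reader", "r-pass")
    # A second user of the same database needs a second client instance.
    results["second_client"] = b.authenticate("app", "reader", "r-pass")
    return results


if __name__ == "__main__":
    print(demo())
```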
