Core Server / SERVER-10897

User and role names should be canonicalized by the server using Unicode canonicalization form NFC


Details

    • Improvement
    • Resolution: Unresolved
    • Major - P3
    • None
    • None
    • Security
    • None
    • Server Security

    Description

      Unicode specification, chapter 3. Section 3.11 discusses the canonicalization forms: http://www.unicode.org/versions/Unicode6.2.0/ch03.pdf

      In essence, if a sophisticated user looking at two user or role names cannot distinguish them without looking at the sequence of code points used to encode them, applications and drivers will be at risk of producing the wrong byte string based on user input, preventing log-in, or identifying the incorrect user or role.


          People

            backlog-server-security Backlog - Security Team
            schwerin@mongodb.com Andy Schwerin
            Votes: 0
            Watchers: 5
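
Added example (not part of the original issue and not MongoDB's code): a toy in-memory user table showing the failure mode the description names, where two names that render identically encode to different byte strings, and the effect of NFC canonicalization on it. `UserStore`, `canonical_name` and the sample names are hypothetical and constructed for illustration.

```python
import unicodedata


def canonical_name(name: str) -> str:
    """Return the NFC form of a user or role name."""
    return unicodedata.normalize("NFC", name)


class UserStore:
    """Toy user table keyed by the UTF-8 bytes of the name (hypothetical)."""

    def __init__(self, canonicalize: bool):
        self.canonicalize = canonicalize
        self._users = {}

    def _key(self, name: str) -> bytes:
        if self.canonicalize:
            name = canonical_name(name)
        return name.encode("utf-8")

    def create(self, name: str) -> bool:
        key = self._key(name)
        if key in self._users:
            return False  # name already taken
        self._users[key] = name
        return True

    def exists(self, name: str) -> bool:
        return self._key(name) in self._users


# Constructed sample names: both render as "José".
COMPOSED = "Jos\u00e9"      # U+00E9 LATIN SMALL LETTER E WITH ACUTE
DECOMPOSED = "Jose\u0301"   # "e" followed by U+0301 COMBINING ACUTE ACCENT


def demo(canonicalize: bool) -> tuple:
    """Register COMPOSED, then try to log in and to register as DECOMPOSED."""
    store = UserStore(canonicalize)
    store.create(COMPOSED)
    login_found = store.exists(DECOMPOSED)
    lookalike_created = store.create(DECOMPOSED)
    return login_found, lookalike_created


if __name__ == "__main__":
    print("bytes:", COMPOSED.encode("utf-8"), DECOMPOSED.encode("utf-8"))
    print("without NFC (login_found, lookalike_created):", demo(False))
    print("with NFC    (login_found, lookalike_created):", demo(True))
```

Without canonicalization the decomposed spelling fails to log in and can be registered as a second, visually identical account; with NFC applied on both write and lookup, both spellings resolve to the same name.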
