Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11866

Make renameCollectionSameDB only work if you have the same read permission on the source and dest collections

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.5.5
    • Affects Version/s: 2.5.4
    • Component/s: Security
    • None
    • ALL
    • None
    • 0
    • None
    • None
    • None
    • None
    • None
    • None

      Currently if you have renameCollectionSameDB on a database, you can rename any collection within that database. The problem is that you could potentially rename from a collection you don't have read access to to one that you do, which is potentially a security hole. We should only let renameCollectionSameDB work if you have read on source, or don't have read on dest.

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            spencer@mongodb.com Spencer Brody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: