Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12143

Make some unauthenticated commands require auth

    XMLWordPrintable

    Details

    • Sprint:
      Security 2019-07-29
    • Case:

      Description

      There are currently 19 commands that do not require authentication. Several of these commands has no use case before an successful authentication has been performed.

      To reduce the unauthenticated API surface without introducing any complexity into the auth system we should introduce commands that require authentication but not authorization.

      The following commands should only be runnable after a successful authentication (with any user, even a user with no roles):
      availableQueryOptions, buildinfo, copydbgetnonce, features, forceerror, getoptime, isdbgrid, isMaster*, listCommands, logout, whatsmyuri

      *isMaster is used by several drivers before performing any authentication so this change will require driver adoption.

      The following commands should be kept as they are:
      _isSelf, authenticate, connectionStatus, getLastError, getnonce, getPrevError, ping, resetError

        Attachments

          Issue Links

          depends on

          New Feature - A new feature of the product, which has yet to be developed. DRIVERS-90 drivers must authenticate before calling isMaster()

          • Major - P3 - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-5479 Arbiter in authenticated replica set should allow and require login/auth for admin-only operations

          • Major - P3 - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-13698 Add roles and privileges to connectionStatus output

          • Major - P3 - Major loss of function.
          • Closed
          is depended on by

          Improvement - An improvement or enhancement to an existing feature or task. DRIVERS-568 Make some unauthenticated commands require auth

          • Major - P3 - Major loss of function.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. SERVER-13166 Enabled authentication still allows remote login without username

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-15293 Anonymous connections are allowed even when auth is enabled

          • Major - P3 - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-5479 Arbiter in authenticated replica set should allow and require login/auth for admin-only operations

          • Major - P3 - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-34653 don't even parse requiresAuth commands unless client is authenticated

          • Major - P3 - Major loss of function.
          • Closed
          related to

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-15588 An arbiter should return an empty list of supported SASL mechanisms

          • Major - P3 - Major loss of function.
          • Open

            Activity

              People

              Assignee:
              spencer.jackson Spencer Jackson
              Reporter:
              andreas.nilsson@ninetech.se Andreas Nilsson
              Participants:
              Votes:
              5 Vote for this issue
              Watchers:
              27 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: