Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12235

Don't require a database read on every new localhost connection when auth is on

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.4.8, 2.5.4
    • Fix Version/s: 3.0.3, 3.1.0
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Backport Completed:

      Description

      Currently, anytime an access-control enabled mongod or mongos receive a new connection from localhost, it must issue a query against admin.system.user to determine if there are any users defined in the system, and thus whether or not to grant the connection full access according to the localhost auth bypass.

      If we determine that there is in fact a user defined, and thus the localhost exception should not be in effect, we cache that information on the connection so that that connection does not have to query admin.system.users for this purpose again.

      We should instead cache the existence of an admin user process-wide so it only needs to be checked once, not once on every new connection.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: