Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12236

Don't query admin.system.users on new localhost connections if the localhost auth bypass has been explicitly disabled

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 2.5.5
    • 2.4.8, 2.5.4
    • Security
    • None
    • Fully Compatible
    • ALL

    Description

      Currently, anytime an access-control enabled mongod or mongos receive a new connection from localhost, it must issue a query against admin.system.user to determine if there are any users defined in the system, and thus whether or not to grant the connection full access according to the localhost auth bypass.

      We do this reads on admin.system.users even if the user has explicitly opted-out of the localhost exception by using setParameter=enableLocalhostAuthBypass=0.

      It should be trivial to avoid this unnecessary read when the localhost exception is disabled.

      Attachments

        Activity

          People

            spencer@mongodb.com Spencer Brody (Inactive)
            spencer@mongodb.com Spencer Brody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: