Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12236

Don't query admin.system.users on new localhost connections if the localhost auth bypass has been explicitly disabled

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.5.5
    • Affects Version/s: 2.4.8, 2.5.4
    • Component/s: Security
    • Labels:
      None
    • Fully Compatible
    • ALL

      Currently, anytime an access-control enabled mongod or mongos receive a new connection from localhost, it must issue a query against admin.system.user to determine if there are any users defined in the system, and thus whether or not to grant the connection full access according to the localhost auth bypass.

      We do this reads on admin.system.users even if the user has explicitly opted-out of the localhost exception by using setParameter=enableLocalhostAuthBypass=0.

      It should be trivial to avoid this unnecessary read when the localhost exception is disabled.

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            spencer@mongodb.com Spencer Brody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: