Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Done
Priority: Major - P3
Fix Version/s: 4.9.0
Affects Version/s: 3.3.12
Component/s: None
Labels:
- neweng

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2021-01-11, Security 2021-01-25
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Per ~~SERVER-26101~~, the auth method is not supported on DBDirectClent. The fix in ~~SERVER-26101~~ removed it from the JavaScript context, but there may other indirect paths to this function.

The DBDirectClient class should override the auth method, and change it to uassert that it is not supported to be sure.

is related to

SERVER-26101 DBDirectClient isn't safe to auth

Closed

related to

SERVER-33648 Attempting to perform user- and role-management commands in db.eval() with nolock=false can lead to deadlock

Closed

Assignee:: Sergey Galtsev (Inactive)
Reporter:: Mark Benvenuto
Participants:: Githook User, Mark Benvenuto, Sergey Galtsev
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Sep 22 2016 07:20:42 PM UTC
Updated:: Jan 13 2021 08:42:03 PM UTC
Resolved:: Jan 13 2021 08:42:03 PM UTC
Confidence Status Last Update:: 11/Jan/21 6:33 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates