Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-26257

DBDirectClient should not support auth

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 3.3.12
    • 4.9.0
    • None
    • Fully Compatible
    • Security 2021-01-11, Security 2021-01-25

    Description

      Per SERVER-26101, the auth method is not supported on DBDirectClent. The fix in SERVER-26101 removed it from the JavaScript context, but there may other indirect paths to this function.

      The DBDirectClient class should override the auth method, and change it to uassert that it is not supported to be sure.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-26101 DBDirectClient isn't safe to auth

          • Major - P3 - Major loss of function.
          • Closed
          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-33648 Attempting to perform user- and role-management commands in db.eval() with nolock=false can lead to deadlock

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
              mark.benvenuto@mongodb.com Mark Benvenuto
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: