[SERVER-33302] Missing log redaction for a few failure paths - MongoDB

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 3.6.2
Fix Version/s: 3.6.4, 3.7.3
Component/s: Querying
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v3.6
Sprint:
Query 2018-02-26
Case:

Description

When using authentication and log redaction, issuing a find command the query is displayed in the log file if the user is not authorized to run the command:

Using OP_QUERY legacy find

2018-02-13T14:19:54.531-0500 I QUERY    [conn1] assertion Unauthorized: not authorized for query on test.foo ns:test.foo query:{ _id: 123.0 }

Using find command

2018-02-13T14:20:14.811-0500 I ACCESS   [conn2] Unauthorized: not authorized on test to execute command { find: "foo", filter: { _id: 123.0 }, $db: "test" }

Attachments

Issue Links

is related to

SERVER-34003 passwords are not redacted from unrecognized commands

Closed

related to

SERVER-33857 Missing log redaction due to confusion with Command::redactForLogging()

Closed

Activity

People

Assignee:: David Storch

Reporter:: Ramon Fernandez Marina

Participants:: David Storch, Githook User, Ramon Fernandez Marina

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: Feb 13 2018 07:34:09 PM UTC

Updated:: May 04 2018 01:38:35 AM UTC

Resolved:: Feb 20 2018 08:12:54 PM UTC