Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.0.0, 4.1.1
Affects Version/s: None
Component/s: Internal Code
Labels:
- security

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.0, v3.6
Sprint:
Platforms 2018-05-07, Platforms 2018-05-21, Platforms 2018-06-04
Linked BF Score:
45
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Most Commands have a requiresAuth()==true condition (the default).
For those commands, we shouldn't parse() their request unless the client is authenticated.

These requests are going to be rejected anyway, so there's no user-visible change, but we could be making the rejection decision more securely and efficiently.

causes

SERVER-35382 _isSelf command needs to be marked requiresAuth false

Closed

SERVER-35463 Mark listCommands as pre-auth

Closed

is related to

SERVER-38390 Set requiresAuth to false for certain commands

Closed

related to

SERVER-35463 Mark listCommands as pre-auth

Closed

SERVER-12143 Make some unauthenticated commands require auth

Closed

Assignee:: Billy Donahue
Reporter:: Billy Donahue
Participants:: Billy Donahue, Githook User
Votes:: 0 Vote for this issue
Watchers:: 10 Start watching this issue

Created:: Apr 24 2018 07:28:04 PM UTC
Updated:: Oct 29 2023 10:32:25 PM UTC
Resolved:: May 31 2018 10:41:07 PM UTC
Confidence Status Last Update:: 25/May/18 3:24 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates