Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-34653

don't even parse requiresAuth commands unless client is authenticated

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.0, 4.1.1
    • Component/s: Internal Code
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v4.0, v3.6
    • Epic Link:
    • Sprint:
      Platforms 2018-05-07, Platforms 2018-05-21, Platforms 2018-06-04
    • Linked BF Score:
      45

      Description

      Most Commands have a requiresAuth()==true condition (the default).
      For those commands, we shouldn't parse() their request unless the client is authenticated.

      These requests are going to be rejected anyway, so there's no user-visible change, but we could be making the rejection decision more securely and efficiently.

        Attachments

          Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. SERVER-35382 _isSelf command needs to be marked requiresAuth false

          • Major - P3 - Major loss of function.
          • Closed

          Task - A task that needs to be done. SERVER-35463 Mark listCommands as pre-auth

          • Blocker - P1 - Blocks development and/or testing work, production could not run.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-38390 Set requiresAuth to false for certain commands

          • Major - P3 - Major loss of function.
          • Closed
          related to

          Task - A task that needs to be done. SERVER-35463 Mark listCommands as pre-auth

          • Blocker - P1 - Blocks development and/or testing work, production could not run.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-12143 Make some unauthenticated commands require auth

          • Major - P3 - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              billy.donahue Billy Donahue
              Reporter:
              billy.donahue Billy Donahue
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: