Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-34653

don't even parse requiresAuth commands unless client is authenticated

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.0, 4.1.1
    • Component/s: Internal Code
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v4.0, v3.6
    • Epic Link:
    • Sprint:
      Platforms 2018-05-07, Platforms 2018-05-21, Platforms 2018-06-04
    • Linked BF Score:
      45

      Description

      Most Commands have a requiresAuth()==true condition (the default).
      For those commands, we shouldn't parse() their request unless the client is authenticated.

      These requests are going to be rejected anyway, so there's no user-visible change, but we could be making the rejection decision more securely and efficiently.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              billy.donahue Billy Donahue
              Reporter:
              billy.donahue Billy Donahue
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: