Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-34653

don't even parse requiresAuth commands unless client is authenticated

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 4.0.0, 4.1.1
    • Internal Code
    • Fully Compatible
    • v4.0, v3.6
    • Platforms 2018-05-07, Platforms 2018-05-21, Platforms 2018-06-04
    • 45

    Description

      Most Commands have a requiresAuth()==true condition (the default).
      For those commands, we shouldn't parse() their request unless the client is authenticated.

      These requests are going to be rejected anyway, so there's no user-visible change, but we could be making the rejection decision more securely and efficiently.

      Attachments

        Issue Links

          Activity

            People

              billy.donahue@mongodb.com Billy Donahue
              billy.donahue@mongodb.com Billy Donahue
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: