[SERVER-3537] Security (write-only setting for database key) - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Minor - P4
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: features we're not sure of
Component/s: Security
Labels:
- query
- security

Assigned Teams:

Security

Description

Obviously Mongo isn't vulnerable to the sorts of injection that haul sensitive data off SQL databases all day, every day. However, SQL injection attacks raise a significant and broad security question: why do application servers have access to sensitive data that they don't need? Proposal:

Allow the user to declare a database key as "write only"
Queries against this key behave as normal
Optionally raise an error or return null on attempts to read the restricted key

This would create a strong layer of security around data such as passwords that must be written and compared but never ever read.

Attachments

Activity

People

Assignee:: Backlog - Security Team

Reporter:: Jason Voorhees

Participants:: Andreas Nilsson, Backlog - Security Team, Jason Voorhees, Kevin "Schmidty" Smith, Ramon Fernandez Marina

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: Aug 04 2011 09:00:16 PM UTC

Updated:: Dec 06 2022 05:41:49 AM UTC