Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-40516

Ban single-valued BSON types in FLE

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 4.1.11
    • Querying
    • None
    • Fully Compatible
    • Query 2019-05-06, Query 2019-05-20

    Description

      When a BSON value of any type is encrypted, its value is hidden but its type is deliberately exposed as plaintext. This scheme hides BSON values of type String, Double, etc., but the following BSON types can have only one value:

      • 0x06 Undefined (deprecated)
      • 0x0A Null
      • 0xFF Min key
      • 0x7F Max key

      Therefore, encrypting a value of a single-valued type leaves its value exposed, since its value is implied by its type. A JSON schema that specifies an encrypted field of one of these types is invalid, and mongocryptd must return an error for such a schema.

      Attachments

        Issue Links

          Activity

            People

              ted.tuckman@mongodb.com Ted Tuckman
              jesse@mongodb.com A. Jesse Jiryu Davis
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: