Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-40516

Ban single-valued BSON types in FLE

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • 4.1.11
    • None
    • Querying
    • None
    • Fully Compatible
    • Query 2019-05-06, Query 2019-05-20

    Description

      When a BSON value of any type is encrypted, its value is hidden but its type is deliberately exposed as plaintext. This scheme hides BSON values of type String, Double, etc., but the following BSON types can have only one value:

      • 0x06 Undefined (deprecated)
      • 0x0A Null
      • 0xFF Min key
      • 0x7F Max key

      Therefore, encrypting a value of a single-valued type leaves its value exposed, since its value is implied by its type. A JSON schema that specifies an encrypted field of one of these types is invalid, and mongocryptd must return an error for such a schema.

      Attachments

        Activity

          People

            ted.tuckman@mongodb.com Ted Tuckman
            jesse@mongodb.com A. Jesse Jiryu Davis
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: