  1. Core Server
  2. SERVER-44440

Consider disallowing users from writing to special local database collections


    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Backlog
    • Component/s: Storage
    • Labels:
      None

      Description

      Some easy-to-extend mechanism to entirely (no auth loopholes, maybe a standalone loophole) blacklist user writes to certain collections, if one does not already exist, might be a good thing to have.

      Specifically, repl code has expectations that the 'local.replset.minvalid' and 'local.replset.oplogTruncateAfterPoint' collections are not written to by users – e.g., we expect those collections to have a certain number of documents.

      We should consider whether backup, or other downstream products, need to be allowed write access. We should also consider whether downstream products perhaps only need access in standalone mode, so we could target repl mode specifically for disallowing the writes and disallowing incorrect config on startup.

            People

            • Votes: 0
            • Watchers: 7
