Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-44440

Consider disallowing users from writing to special local database collections

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Storage
    • Labels:
    • Storage Execution

      Some easy to extend mechanism to entirely (no auth loopholes, maybe standalone loophole) prevent user writes to certain collections, if it does not already exist, might be a good thing to have.

      Specifically, repl code has expectations that the 'local.replset.minvalid' and 'local.replset.oplogTruncateAfterPoint' collections are not written to by users – e.g., we expect those collections to have a certain number of documents.

      We should consider whether backup needs to be allowed write access, or other downstream products. Also whether downstream products perhaps only need access in standalone mode, so we could target repl mode specifically for disallowing the writes and disallowing incorrect config on startup.

            backlog-server-execution [DO NOT USE] Backlog - Storage Execution Team
            dianna.hohensee@mongodb.com Dianna Hohensee (Inactive)
            0 Vote for this issue
            12 Start watching this issue