Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-44440

Consider disallowing users from writing to special local database collections

    XMLWordPrintable

Details

    • Improvement
    • Status: Backlog
    • Major - P3
    • Resolution: Unresolved
    • None
    • None
    • Storage
    • None

    Description

      Some easy to extend mechanism to entirely (no auth loopholes, maybe standalone loophole) prevent user writes to certain collections, if it does not already exist, might be a good thing to have.

      Specifically, repl code has expectations that the 'local.replset.minvalid' and 'local.replset.oplogTruncateAfterPoint' collections are not written to by users – e.g., we expect those collections to have a certain number of documents.

      We should consider whether backup needs to be allowed write access, or other downstream products. Also whether downstream products perhaps only need access in standalone mode, so we could target repl mode specifically for disallowing the writes and disallowing incorrect config on startup.

      Attachments

        Issue Links

          Activity

            People

              backlog-server-execution Backlog - Storage Execution Team
              dianna.hohensee@mongodb.com Dianna Hohensee
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated: