Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-59774

Separate locks for Encrypting Audit Log Lines and Writes to Log File

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None
    • Server Security

    Description

      When writing audit logs to disk, we need to ensure that the IVs are allocated under a lock. We also need to ensure that when writing an audit entry to disk, the IVs are written in the right order. We currently do this by taking a lock from the start of encrypting a log line until the log has been written to disk. This can be very slow.

      An alternate proposal would be to perform the encryption under lock A and add the encrypted log line to a heap, then release the lock. Later, when the file writer is free, take the file writer lock under lock B and write the first item from the heap to disk.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            shreyas.kalyan@mongodb.com Shreyas Kalyan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: