Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-70172

Standardize auditing events without clients

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • Server Security
    • Security 2024-02-05, Security 2024-02-19

    Description

      When we trigger an event from a signal handler, we do not have a client. Because we have a constraint enforced in the AuditEvent class to ensure that the caller passes in a client, we have to create our own client and pass it to the AuditEvent constructor. Currently the only place we have this issue is in shutdown, where we have an audit event that can be triggered by a signal handler (Ctrl-C). In this case we create a client (possibly for other reasons) and we pass that client in for the audit log. Audit log rotation also has an audit event that can be triggered by a signal handler. Here it doesn’t pass in a client (nullptr) and instead puts an if check in to the AuditEvent class.

      We should instead standardize a way of accepting audit events without a client.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            shreyas.kalyan@mongodb.com Shreyas Kalyan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: