There is a global variable in the server code called "noauth" which is true by default and false if the server is running with security enabled by --auth or --keyFile. This results in a lot of if (! noauth) blocks. Would be better to remove the negative and make the global called "auth". As part of this, should also make it not a global anymore, but an accessor on static internal state in the AuthorizationManager.