  1. Core Server
  2. SERVER-9446

No sanity check of role existence when creating users

Details

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 2.5.3
    • 2.4.3
    • Security
    • None
    • ALL

    Description

      When calling AddUser to add a new user or modifying the roles array, no verification is done that the role actually exists.

      This allows simple typos to cause unpredictable authorization behavior and, potentially, permission problems which are very difficult to troubleshoot. If the system allowed for custom-defined roles, the case would be even stronger.
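
A client-side pre-flight check of the kind the description asks the server to perform, as an added example (not MongoDB's code and not the fix for this ticket). It assumes the built-in role names documented for MongoDB 2.4 and no custom roles; `checkRoles` and `editDistance` are hypothetical names.

```javascript
// Built-in role names as documented for MongoDB 2.4 (assumption: no custom roles).
const DB_ROLES = ["read", "readWrite", "dbAdmin", "userAdmin"];
const ADMIN_ONLY_ROLES = ["clusterAdmin", "readAnyDatabase", "readWriteAnyDatabase",
                          "userAdminAnyDatabase", "dbAdminAnyDatabase"];
const ALL_ROLES = DB_ROLES.concat(ADMIN_ONLY_ROLES);

// Levenshtein distance, used only to suggest the role a typo probably meant.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Hypothetical pre-flight check: returns a list of problems; an empty list
// means every entry in the roles array names a known role valid for dbName.
function checkRoles(dbName, roles) {
  if (!Array.isArray(roles)) {
    return [{ role: null, reason: "roles must be an array" }];
  }
  const problems = [];
  for (const role of roles) {
    if (typeof role !== "string") {
      problems.push({ role, reason: "role is not a string" });
    } else if (!ALL_ROLES.includes(role)) {
      // Role names are case-sensitive; compare case-insensitively for the hint only.
      const best = ALL_ROLES
        .map((r) => ({ r, d: editDistance(role.toLowerCase(), r.toLowerCase()) }))
        .sort((x, y) => x.d - y.d)[0];
      problems.push({ role, reason: "unknown role",
                      suggestion: best.d <= 2 ? best.r : null });
    } else if (ADMIN_ONLY_ROLES.includes(role) && dbName !== "admin") {
      problems.push({ role, reason: "role only applies in the admin database" });
    }
  }
  return problems;
}
```

Rejecting the request whenever `checkRoles` returns a non-empty list turns a silent misgrant such as `"readwrite"` into an immediate, explainable error.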

          People

            spencer@mongodb.com Spencer Brody (Inactive)
            andreas.nilsson Andreas Nilsson
            Votes: 0
            Watchers: 4