Core Server / SERVER-9446

No sanity check of role existence when creating users

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.4.3
    • Fix Version/s: 2.5.3
    • Component/s: Security
    • Labels:
      None
    • Operating System:
      ALL

      Description

      When calling AddUser to add a new user or modifying the roles array, no verification is done that the role actually exists.

      This allows simple typos to cause unpredictable authorization behavior and potentially permission problems which are very difficult to troubleshoot. If the system allowed for custom-defined roles, the case would be even stronger.
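
      A client-side check of the kind this report asks for, as an added example that is not part of the original ticket or of the MongoDB code base. It assumes the MongoDB 2.4 built-in role names; `validateRoles` and `editDistance` are hypothetical helper names.

```javascript
// Added example: check a roles array before it is passed to user creation.
// Role names are the MongoDB 2.4 built-in roles (assumption); the helpers
// below are hypothetical and not part of the MongoDB shell API.
const DB_ROLES = ["read", "readWrite", "dbAdmin", "userAdmin"];
const ADMIN_ONLY_ROLES = ["clusterAdmin", "readAnyDatabase",
  "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase"];

// Levenshtein distance, used only to suggest the role a typo was meant to be.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns a list of problems; an empty list means every role is known
// and allowed on the target database.
function validateRoles(dbName, roles) {
  if (!Array.isArray(roles)) return ["roles must be an array"];
  const problems = [];
  const known = DB_ROLES.concat(ADMIN_ONLY_ROLES);
  for (const role of roles) {
    if (typeof role !== "string") {
      problems.push("role is not a string: " + JSON.stringify(role));
    } else if (!known.includes(role)) {
      // Compare case-insensitively so "readwrite" still suggests "readWrite".
      const guess = known
        .map((k) => [k, editDistance(role.toLowerCase(), k.toLowerCase())])
        .sort((x, y) => x[1] - y[1])[0];
      const hint = guess[1] <= 2 ? ' (did you mean "' + guess[0] + '"?)' : "";
      problems.push('unknown role "' + role + '"' + hint);
    } else if (ADMIN_ONLY_ROLES.includes(role) && dbName !== "admin") {
      problems.push('role "' + role + '" is only valid on the admin database');
    }
  }
  return problems;
}

// Constructed sample input: "readWrit" is a typo for "readWrite".
console.log(validateRoles("reports", ["readWrit", "dbAdmin"]));
```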
