Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-9609

Ensure users can only call getMore on cursors they created

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.5.5
    • Component/s: Querying, Security
    • Labels:
      None
    • Backwards Compatibility:
      Minor Change
    • Sprint:
      Query 2017-03-27

      Description

      A ClientCursor should be associated with the set of users that were authenticated when it was created. A getMore should only succeed if the intersection of currently authenticated users and the set of users associated with the ClientCursor is nonempty (or the set of users associated with the ClientCursor is empty).

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                15 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: