[CXX-124] The client auth code should make sure there are no invalid entries in the auth BSON document Created: 07/Mar/14  Updated: 19/May/14  Resolved: 19/May/14

Status: Closed
Project: C++ Driver
Component/s: Implementation
Affects Version/s: legacy-0.0-26compat-2.6.0-rc1
Fix Version/s: legacy-0.9.0

Type: Bug Priority: Trivial - P5
Reporter: Kaloian Manassiev Assignee: Mira Carey
Resolution: Won't Fix Votes: 0
Labels: legacy-cxx
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows 8.1



 Description   

DBClientConnection::auth and sub-calls should ensure that the authentication parameters BSON does not contain invalid entries. For example, the password entry below is incorrect, but the client will not report any error and just proceed as if no password was specified.

                BSONObjBuilder b;
                b << "mechanism" << argv[2] <<
                     "user" << argv[3] <<
                     "password" << argv[4] <<
                     "clientLogLevel" << 1;



 Comments   
Comment by Tyler Brock [ 19/May/14 ]

strict set verification for bson object keys in bson accepting apis isn't consistent with the rest of our api and fuzzy matching for possible keys isn't a reasonable api.

Elsewhere we like have functions that can accept a set of keys in the existing rev, without breaking on possibly new keys in later versions, let's stick with that and not fix this.

Comment by Mira Carey [ 13/Mar/14 ]

Kicking this to 0.9 as a possible feature enhancement given the easy workaround (provide valid auth parameters) and the change in semantics (loose -> strict parameter checking).

Generated at Wed Feb 07 21:58:16 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.