[DOCS-7589] Enable JavaScript Protection by default Created: 06/Apr/16 Updated: 04/Mar/23 Resolved: 14/Nov/16 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual |
| Affects Version/s: | None |
| Fix Version/s: | 3.4.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Shane Harvey | Assignee: | Steve Renaker (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Participants: | |||||||||||||||||
| Days since reply: | 7 years, 13 weeks ago | ||||||||||||||||
| Story Points: | 1 | ||||||||||||||||
| Description |
|
We are turning on --enableJavaScriptProtection in the mongo shell by default and introduced a new flag, --disableJavaScriptProtection, to keep the old behavior. Need to document the behavior of the "--enableJavaScriptProtection" flag in the shell (which has been backported to 3.2). This flag prevents "Code" and "CodeWScope" BSON types from being automatically marshalled to JavaScript functions in the shell. |
| Comments |
| Comment by Githook User [ 17/Nov/16 ] |
|
Author: {u'username': u'kay-kim', u'name': u'kay', u'email': u'kay.kim@10gen.com'}Message: |
| Comment by Githook User [ 17/Nov/16 ] |
|
Author: {u'username': u'steveren', u'name': u'Steve Renaker', u'email': u'steve.renaker@mongodb.com'}Message: Signed-off-by: kay <kay.kim@10gen.com> |
| Comment by Githook User [ 17/Nov/16 ] |
|
Author: {u'username': u'steveren', u'name': u'Steve Renaker', u'email': u'steve.renaker@mongodb.com'}Message: Signed-off-by: kay <kay.kim@10gen.com> |
| Comment by Shane Harvey [ 04/Nov/16 ] |
|
kyle.suarez, the --enableJavaScriptProtection flag was added in version 3.3.2 and backported to 3.2.4 as part of |
| Comment by Kyle Suarez [ 01/Nov/16 ] |
|
shane.harvey, you say in this ticket that the --enableJavaScriptProtection flag has been backported to 3.2, but I don't see any commits nor fixVersion in |