[DRIVERS-2687] Add BSON Binary Data subtype Sensitive Created: 27/Jul/23 Updated: 20/Dec/23 |
|
| Status: | Implementing |
| Project: | Drivers |
| Component/s: | BSON |
| Fix Version/s: | None |
| Type: | Spec Change | Priority: | Minor - P4 |
| Reporter: | William Qian | Assignee: | Noah Stapp |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Driver Changes: | Needed | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Server Compat: | 7.1 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Downstream Changes Summary: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Engineering Lead: | |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Program Manager: | |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Start date: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Driver Compliance: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description |
|
Downstream Change Summary
SummaryIntroducing BSON Binary Data subtype 8: Sensitive. MotivationWho is the affected end user?First and foremost, query stats users who wish to supply their own HMAC key will do so via this subtype. How does this affect the end user?Sensitive binary data are excluded from logging wherever possible, creating more security for sensitive values like HMAC keys. How likely is it that this problem or use case will occur?This will affect all query stats calls. If the problem does occur, what are the consequences and how severe are they?Without proper support for this subtype, users will not be able to use custom HMAC keys for query stats due to IDL binary data subtype validation. Is this issue urgent?A little. Query stats is not yet GA, but will be soon. Is this ticket required by a downstream team?Needed by query stats (and by extension, Atlas). Is this ticket only for tests?No. |
| Comments |
| Comment by Charlie Swanson [ 20/Dec/23 ] |
|
noah.stapp@mongodb.com can we close this ticket? It looks like it's been implemented in the spec? Or is there more work to do here? In any case, I will move it out of PM-2885 epic since we are closing that epic. I will link it as 'caused by' I guess? |
| Comment by Githook User [ 04/Aug/23 ] |
|
Author: {'name': 'Noah Stapp', 'email': 'noah.stapp@mongodb.com', 'username': 'NoahStapp'}Message: DRIVERS-2687 Add BSON Binary Data subtype Sensitive (#1446) |
| Comment by Bernie Hackett [ 28/Jul/23 ] |
|
That makes sense. The scope of this is, more or less, add a test here: The BSON spec is at bsonspec.org, which I believe the docs team owns. |
| Comment by William Qian [ 28/Jul/23 ] |
|
Yes, it's to ask that this be incorporated into enums and the spec online. |
| Comment by Bernie Hackett [ 28/Jul/23 ] |
|
I would hope, and be shocked if this isn't true, that all drivers already support creating a BSON Binary with an arbitrary subtype. Otherwise users can't use custom binary subtypes in the type range reserved for user applications. Is the ask here to make a special language specific type for this? |