[JAVA-2656] Deprecate MongoClient constructors that take multiple credentials. Created: 10/Nov/17 Updated: 29/Oct/23 Resolved: 15/Nov/17 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | API, Configuration |
| Affects Version/s: | None |
| Fix Version/s: | 3.6.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Rathi Gnanasekaran | Assignee: | Jeffrey Yemin |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Epic Link: | Java MongoDB 3.6 Support | ||||||||||||||||
| Description |
|
As a consequence of privilege delegation in MongoDB, a MongoClient must eagerly authenticate all credentials that it has been provided. It does not know whether a user has been granted a privilege in another database (e.g. a user defined in database "db1" may have been granted a privilege to read from database "db2"). This makes it dangerous in general to create a MongoClient with more than one credential. In addition, the session support added in MongoDB 3.6 requires that only a single user is authenticated. |
| Comments |
| Comment by Githook User [ 09/Jan/18 ] |
|
Author: {'name': 'Jeff Yemin', 'username': 'jyemin', 'email': 'jeff.yemin@10gen.com'}Message: |
| Comment by Githook User [ 09/Jan/18 ] |
|
Author: {'name': 'Jeff Yemin', 'username': 'jyemin', 'email': 'jeff.yemin@10gen.com'}Message: |
| Comment by Githook User [ 15/Nov/17 ] |
|
Author: {'name': 'Jeff Yemin', 'username': 'jyemin', 'email': 'jeff.yemin@10gen.com'}Message: |
| Comment by Githook User [ 15/Nov/17 ] |
|
Author: {'name': 'Jeff Yemin', 'username': 'jyemin', 'email': 'jeff.yemin@10gen.com'}Message: |
| Comment by Githook User [ 15/Nov/17 ] |
|
Author: {'name': 'Jeff Yemin', 'username': 'jyemin', 'email': 'jeff.yemin@10gen.com'}Message: |