[SERVER-10923] $out can overwrite reserved collections in the "local" database Created: 26/Sep/13 Updated: 10/Dec/14 Resolved: 26/Sep/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Aggregation Framework |
| Affects Version/s: | 2.5.2 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Matt Dannenberg | Assignee: | Mathias Stearn |
| Resolution: | Done | Votes: | 0 |
| Labels: | 26qa | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Operating System: | ALL | ||||
| Participants: | |||||
| Description |
|
this could completely wreck replication |
| Comments |
| Comment by Andy Schwerin [ 26/Sep/13 ] |
|
Hard to say. It's a mish-mash, now, but I would like to eventually get to a place where we use one mechanism for all of these access controls. If this is a bug, it's not about aggregation, per se. |
| Comment by Matt Dannenberg [ 26/Sep/13 ] |
|
I can. I guess we shouldn't be protecting against this except with auth? |
| Comment by Andy Schwerin [ 26/Sep/13 ] |
|
Can you insert into said collections? What about with access control enabled (--auth)? (May want to re-test after |