[SERVER-12236] Don't query admin.system.users on new localhost connections if the localhost auth bypass has been explicitly disabled Created: 02/Jan/14  Updated: 11/Jul/16  Resolved: 02/Jan/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.4.8, 2.5.4
Fix Version/s: 2.5.5

Type: Bug Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-12235 Don't require a database read on ever... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

Currently, anytime an access-control enabled mongod or mongos receive a new connection from localhost, it must issue a query against admin.system.user to determine if there are any users defined in the system, and thus whether or not to grant the connection full access according to the localhost auth bypass.

We do this reads on admin.system.users even if the user has explicitly opted-out of the localhost exception by using setParameter=enableLocalhostAuthBypass=0.

It should be trivial to avoid this unnecessary read when the localhost exception is disabled.



 Comments   
Comment by Githook User [ 02/Jan/14 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}

Message: SERVER-12236 Don't query admin.system.users on new localhost connections if the localhost auth bypass has been explicitly disabled
Branch: master
https://github.com/mongodb/mongo/commit/7cccec0ff61f573baf17cde32e325b7f2b08e2cb

Generated at Thu Feb 08 03:27:59 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.