[SERVER-12383] Add upper bound for the userCacheInvalidationInterval Created: 16/Jan/14  Updated: 31/Mar/14  Resolved: 29/Jan/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.4
Fix Version/s: 2.5.5

Type: Improvement Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to DOCS-2877 add bounds for userCacheInvalidationI... Closed
Backwards Compatibility: Fully Compatible
Participants:

 Description   

Implement an upper bound on the parameter userCacheInvalidationInterval to prevent a malicious user to disable privilege change propagation.

Suggested maximum time 24 hours.



 Comments   
Comment by Andreas Nilsson [ 29/Jan/14 ]

To docs,

The allowed user cache invalidation interval interval is [30 sec, 86400 sec]. That is added an upper bound of 24 hours.

Comment by Githook User [ 29/Jan/14 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-12383 Add upper bound for userCacheInvalidationInterval
Branch: master
https://github.com/mongodb/mongo/commit/823a3e4929a62944e20ab808fc6324692d89ae68

Generated at Thu Feb 08 03:28:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.