[SERVER-13954] noscripting configuration option not available in YAML configuration file Created: 15/May/14  Updated: 11/Mar/15  Resolved: 16/May/14

Status: Closed
Project: Core Server
Component/s: Admin
Affects Version/s: 2.6.0
Fix Version/s: 2.6.2, 2.7.1

Type: Bug Priority: Major - P3
Reporter: Jon Rangel (Inactive) Assignee: Shaun Verch
Resolution: Done Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
related to DOCS-3468 For 2.6.2 -- doc javascriptEnabled o... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Completed:
Sprint: Server 2.7.1
Participants:

 Description   
Issue Status as of May 29, 2014

ISSUE SUMMARY
Server-side execution of JavaScript can't be disabled via a YAML configuration file, as the noscripting option is not properly recognized.

USER IMPACT
mongod does not run when the noscripting option is used in a YAML format configuration file. When the option is removed from the file, mongod runs with server-side JavaScript execution enabled.

WORKAROUNDS
Pass the --noscripting option, or revert to a 2.4 configuration file format

AFFECTED VERSIONS
MongoDB production releases 2.6.0 and 2.6.1 are affected by this issue.

FIX VERSION
The fix is included in the 2.6.2 production release.

RESOLUTION DETAILS
The noscripting option is now recognized when used in the YAML configuration file.

Original description

There's no way to disable server-side JavaScript using the new YAML configuration file format.



 Comments   
Comment by Githook User [ 20/May/14 ]

Author:

{u'name': u'Shaun Verch', u'email': u'shaun.verch@mongodb.com'}

Message: SERVER-13954 Add scriptingEnabled option to YAML config
(cherry picked from commit 86d6043139f01b438281dc19381bf98f663763a3)

Conflicts:
src/mongo/db/mongod_options.cpp
Branch: v2.6
https://github.com/mongodb/mongo/commit/384e8e322958bdfb8f9932784c8a9d378dc3a425

Comment by Githook User [ 16/May/14 ]

Author:

{u'name': u'Shaun Verch', u'email': u'shaun.verch@mongodb.com'}

Message: SERVER-13954 Add scriptingEnabled option to YAML config
Branch: master
https://github.com/mongodb/mongo/commit/86d6043139f01b438281dc19381bf98f663763a3

Comment by Eliot Horowitz (Inactive) [ 15/May/14 ]

Security seems reasonable.
yes, javascriptEnabled sounds good

Comment by Eric Milkie [ 15/May/14 ]

eliot should this go under "security" in the new config file format? That's the only top level category that is somewhat appropriate:

security:
    scriptingEnabled: true

Alternatively, we can put it at the top level by itself. Also, we could say "javascriptEnabled" rather than "scriptingEnabled" if that seems clearer.

Comment by Eliot Horowitz (Inactive) [ 15/May/14 ]

I don't think I would have recommended leaving it out.
It should be in there.

Comment by Eric Milkie [ 15/May/14 ]

eliot Shaun thinks we left this out of the new YAML config file on purpose – do you remember why?

Comment by Eric Milkie [ 15/May/14 ]

I don't recall why we left this one out of the new format.

Generated at Thu Feb 08 03:33:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.