[SERVER-15328] Eliminate unneeded calls to AuthorizationSession::grantInternalAuthorization() Created: 19/Sep/14 Updated: 10/Dec/14 Resolved: 19/Sep/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Andy Schwerin | Assignee: | Andy Schwerin |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
The work done by AuthorizationSession::grantInternalAuthorization is no longer useful, except for granting privileges to the internal web server or to x.509 cluster users, as evidenced by this patch build. The reason is that DBDirectClient now bypasses authorization checks universally, so internal threads no longer need granted privileges to proceed. Since this code no longer impacts behavior, it should be eliminated. |
| Comments |
| Comment by Andy Schwerin [ 19/Sep/14 ] |
|
Turns out something still depends on the behavior; not really worth tracking down at present. |