[SERVER-2415] simplify security fir serverStatus() WAS: REST API - serverStatus is missing memory data Created: 27/Jan/11 Updated: 12/Jul/16 Resolved: 27/Jan/11 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Tools |
| Affects Version/s: | 1.7.5 |
| Fix Version/s: | 1.7.6 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Ryan Nitz | Assignee: | Eliot Horowitz (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Participants: |
| Description |
|
It's missing this : "mem" : { "bits" : 64, "resident" : 20, "virtual" : 2484, "supported" : true, "mapped" : 80 }, Actual: { "host" : "computer:27018", "version" : "1.7.5-pre-", "uptime" : 2947, "uptimeEstimate" : 2904, "localTime" : { "$date" : 1296100898236 }, "globalLock" : { "totalTime" : 2946382204, "lockTime" : 30079, "ratio" : 1.020879095697932e-05, "currentQueue" : { "total" : 0, "readers" : 0, "writers" : 0 }, "activeClients" : { "total" : 0, "readers" : 0, "writers" : 0 }}, "connections" : { "current" : 1, "available" : 9999 }, "indexCounters" : { "btree" : { "accesses" : 0, "hits" : 0, "misses" : 0, "resets" : 0, "missRatio" : 0 }}, "backgroundFlushing" : { "flushes" : 49, "total_ms" : 829, "average_ms" : 16.91836734693878, "last_ms" : 16, "last_finished" : { "$date" : 1296100891798 }}, "cursors" : { "totalOpen" : 0, "clientCursors_size" : 0, "timedOut" : 0 }, "network" : { "bytesIn" : 1504, "bytesOut" : 3766, "numRequests" : 21 }, "opcounters" : { "insert" : 0, "query" : 8, "update" : 0, "delete" : 0, "getmore" : 0, "command" : 15 }, "asserts" : { "regular" : 0, "warning" : 0, "msg" : 0, "user" : 1, "rollovers" : 0 }, "writeBacksQueued" : false, "note" : "run against admin for more info" } |
| Comments |
| Comment by auto [ 27/Jan/11 ] |
|
Author: {u'login': u'erh', u'name': u'Eliot Horowitz', u'email': u'eliot@10gen.com'}Message: "mem" has same permissions as other fields |
| Comment by Eliot Horowitz (Inactive) [ 27/Jan/11 ] |
|
"mem" can be seen without special auth |
| Comment by Ryan Nitz [ 27/Jan/11 ] |
|
Same result with digest (i.e., missing). Why is this one metric more secure than the rest? It seems like the rest are in tact. Request headers: Request URL:http://192.168.0.55:28019/serverStatus |
| Comment by Eliot Horowitz (Inactive) [ 27/Jan/11 ] |
|
Its a security issue. |
| Comment by Ryan Nitz [ 27/Jan/11 ] |
|
Yes... running with auth. |
| Comment by Eliot Horowitz (Inactive) [ 27/Jan/11 ] |
|
Working for me.. |
| Comment by Ryan Nitz [ 27/Jan/11 ] |
|
It's actually on 1.7.5-pre |
| Comment by Eliot Horowitz (Inactive) [ 27/Jan/11 ] |
|
Which url are you hitting? |