[SERVER-28987] Skip wire compression for certain auth and user management commands Created: 26/Apr/17 Updated: 06/Dec/22 |
|
| Status: | Open |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | None |
| Fix Version/s: | features we're not sure of |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Hannes Magnusson | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | platforms-re-triaged | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Server Security
|
| Sprint: | Security 2019-08-12, Security 2019-08-26, Security 2019-09-09 |
| Participants: |
| Description |
|
When wire protocol compression is enabled, the shell should avoid compressing authentication and user management commands. This would be in effort to mitigate any risks, although very unlikely such as BEAST and CRIME attacks. This includes, but may not be limited to:
|