[SERVER-31640] Parse Logical Session IDs for authenticated clients under localhost auth bypass Created: 19/Oct/17 Updated: 30/Oct/23 Resolved: 13/Nov/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code |
| Affects Version/s: | None |
| Fix Version/s: | 3.6.0-rc4 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Jackson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Sprint: | Platforms 2017-11-13 | ||||
| Participants: | |||||
| Linked BF Score: | 0 | ||||
| Description |
|
A mongos may connect to a shard server using a localhost connection. LSIDs should be parsed from commands executed via this connection. Because the shard may not have local users, this connection may be under the localhost auth bypass, which normally prevents LSID parsing. However, the mongos will authenticate as the __system user. Authentication, even when no users exist on the system, should cause LSID parsing to occur. |
| Comments |
| Comment by Githook User [ 13/Nov/17 ] |
|
Author: {'name': 'Spencer Jackson', 'username': 'spencerjackson', 'email': 'spencer.jackson@mongodb.com'}Message: |