[SERVER-33822] Allow public collections with enabled authentication Created: 12/Mar/18  Updated: 23/Apr/18  Resolved: 16/Mar/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: NOVALUE Mitar Assignee: Kelsey Schubert
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

One use case we are looking into is exposing one collection publicly (read-only) on the Internet, Instead of providing a custom API middleware to access it, we are pretty happy with providing directly the mongo language and access to all the data in the collection. But it seems this is not possible if we also want private collections at the same time (to keep data for the rest of the app logic, like permissions and authentication for users who can modify this public data).

So I would like to request a way to assign a role to an unauthenticated user.



 Comments   
Comment by NOVALUE Mitar [ 17/Mar/18 ]

You referenced this same issue in the comment above? Did you plan to reference some other issue?

What I am trying to achieve is a low latency API. My experimentation showed that having a middleware has a problem that deserialization from BSON and then serialization to JSON for sending over regular APIs have a non-negligible cost. I an not sure if Stitch does here something smarter?

But it seems Stitch is a cloud service, not software we could run ourselves?

Comment by Kelsey Schubert [ 16/Mar/18 ]

Hi mitar,

This behavior seems best to implement at the api level. As an alternative to a custom api, I'd suggest taking a look at MongoDB Stitch, which provides a solution to this use-case and would also address the use-case you raised in SERVER-33822.

Kind regards,
Kelsey

Generated at Thu Feb 08 04:34:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.