[SERVER-34653] don't even parse requiresAuth commands unless client is authenticated
Created: 24/Apr/18 | Updated: 29/Oct/23 | Resolved: 31/May/18
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code |
| Affects Version/s: | None |
| Fix Version/s: | 4.0.0, 4.1.1 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Billy Donahue | Assignee: | Billy Donahue |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | security |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Backport Requested: | v4.0, v3.6 |
| Sprint: | Platforms 2018-05-07, Platforms 2018-05-21, Platforms 2018-06-04 |
| Participants: | |
| Linked BF Score: | 45 |
| Description |
|
Most Commands have a requiresAuth()==true condition (the default). These requests are going to be rejected anyway, so there's no user-visible change, but we could be making the rejection decision more securely and efficiently. |
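The ordering the description argues for, sketched as an added example (not MongoDB's code; every type and function name here other than `requiresAuth` is hypothetical): the dispatcher makes the rejection decision from the command name and session state alone, so an unauthenticated request body never reaches the parser.

```cpp
#include <cassert>
#include <map>
#include <string>

// Hypothetical types for illustration only; not MongoDB's real classes.
enum class Status { OK, Unauthorized, CommandNotFound, BadValue };

struct Request {
    std::string commandName;  // cheap to read
    std::string body;         // untrusted bytes; parsing is the risky part
};

struct Command {
    int parseCalls = 0;  // how often untrusted input reached the parser
    virtual ~Command() = default;
    virtual bool requiresAuth() const { return true; }  // the default
    virtual Status parseAndRun(const Request& req) {    // stand-in for full parsing
        ++parseCalls;
        return req.body.empty() ? Status::BadValue : Status::OK;
    }
};

struct HandshakeCommand : Command {  // hypothetical pre-auth command
    bool requiresAuth() const override { return false; }
};

struct Dispatcher {
    std::map<std::string, Command*> registry;
    Status dispatch(const Request& req, bool clientAuthenticated) {
        auto it = registry.find(req.commandName);
        if (it == registry.end()) return Status::CommandNotFound;
        Command* cmd = it->second;
        // Reject using only the command name and session state, before any
        // of the request body is handed to the parser.
        if (cmd->requiresAuth() && !clientAuthenticated) return Status::Unauthorized;
        return cmd->parseAndRun(req);
    }
};

int main() {
    Command find;
    Dispatcher d;
    d.registry["find"] = &find;
    Request r{"find", "constructed sample body"};
    assert(d.dispatch(r, false) == Status::Unauthorized && find.parseCalls == 0);
    assert(d.dispatch(r, true) == Status::OK && find.parseCalls == 1);
    return 0;
}
```

The `parseCalls` counter makes the property checkable: after an unauthenticated request to an auth-required command it is still zero.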
| Comments |
| Comment by Githook User [ 05/Jun/18 ] |
|
Author: {'username': 'BillyDonahue', 'name': 'Billy Donahue', 'email': 'billy.donahue@mongodb.com'} Message: (cherry picked from commit 85dc8dd191cbfcddd94a0ac0216f07c7be616cd6) |
| Comment by Billy Donahue [ 01/Jun/18 ] |
|
https://github.com/mongodb/mongo/commit/85dc8dd191cbfcddd94a0ac0216f07c7be616cd6 |
| Comment by Githook User [ 31/May/18 ] |
|
Author: {'username': 'BillyDonahue', 'name': 'Billy Donahue', 'email': 'billy.donahue@mongodb.com'} Message: Revert "Revert " This reverts commit 7d0ea48dc8522f41e93b86d9c8f77c64b623ba60. no MakeGuard (the lambda might throw) |
| Comment by Billy Donahue [ 29/May/18 ] |
| Comment by Githook User [ 25/May/18 ] |
|
Author: {'username': 'louiswilliams', 'name': 'Louis Williams', 'email': 'louis.williams@mongodb.com'} Message: Revert " This reverts commit f2e762dc80e63fa47bd4c1d48e05f628464b0f54. |
| Comment by Githook User [ 25/May/18 ] |
|
Author: {'username': 'BillyDonahue', 'name': 'Billy Donahue', 'email': 'billy.donahue@mongodb.com'} Message: |
| Comment by Githook User [ 16/May/18 ] |
|
Author: {'email': 'billy.donahue@mongodb.com', 'username': 'BillyDonahue', 'name': 'Billy Donahue'} Message: |
| Comment by Githook User [ 10/May/18 ] |
|
Author: {'name': 'Billy Donahue', 'email': 'billy.donahue@mongodb.com', 'username': 'BillyDonahue'} Message: Also relevant to |
| Comment by Billy Donahue [ 09/May/18 ] |
|
| Comment by Githook User [ 09/May/18 ] |
|
Author: {'email': 'billy.donahue@mongodb.com', 'name': 'Billy Donahue', 'username': 'BillyDonahue'} Message: |
| Comment by Billy Donahue [ 04/May/18 ] |
|
Another supporting code change. |
| Comment by Githook User [ 02/May/18 ] |
|
Author: {'email': 'billy.donahue@mongodb.com', 'name': 'Billy Donahue', 'username': 'BillyDonahue'} Message: |
| Comment by Billy Donahue [ 25/Apr/18 ] |
|
These commits should have gone to https://github.com/10gen/mongo-enterprise-modules/commit/7007d37047934dbdd05252c22c31cca781acb9df |
| Comment by Githook User [ 25/Apr/18 ] |
|
Author: {'email': 'billy.donahue@mongodb.com', 'username': 'BillyDonahue', 'name': 'Billy Donahue'} Message: |
| Comment by Githook User [ 25/Apr/18 ] |
|
Author: {'email': 'billy.donahue@mongodb.com', 'username': 'BillyDonahue', 'name': 'Billy Donahue'} Message: