|
readonly user can save data through mapreduce function with a out-collectionName
1、create a readonly user on a db
2、use this user to connect and auth on command line
3、test "readOnly" works well by db.coll.save,then it fail and print "unauthorized"
// but ...
4、create a simple map-reduce function test, such http://api.mongodb.org/wiki/current/MapReduce.html, Examples => Shell Example 1, and specify out-param with a name "coll".
5、after map-reduce finish, we will see the result in the "coll".
in another words, with a magic map/reduce function, a readOnly user can save anything...
it's terrible.
|