[SERVER-56267] Prevent authentication as multiple users on API versioned connections
Created: 22/Apr/21  Updated: 29/Oct/23  Resolved: 30/Apr/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.0.0-rc0

Type: Task
Priority: Major - P3
Reporter: Spencer Jackson
Assignee: Benjamin Caimano (Inactive)
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Documented
is documented by DOCS-14395 Investigate changes in SERVER-56267: ... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2021-05-03
Participants:

 Description   

If a client connects to a database and attempts to authenticate as multiple users, by performing multiple authentication exchanges on multiple databases, we should:

  • Emit a log warning indicating that this behaviour is deprecated
  • Reject the second authentication attempt if they provided an API version and specified {apiStrict: true} for their connection. We should not enforce this limitation if testCommands are enabled, to prevent it from impacting our integration testing infrastructure.


 Comments   
Comment by Githook User [ 29/Apr/21 ]

Author: Ben Caimano <ben.caimano@10gen.com> (bcaimano)

Message: SERVER-56267 Prevent authentication as multiple users on API versioned connections
Branch: master
https://github.com/mongodb/mongo/commit/8045dadd3189cd1e20685439ef0dc13191025d6b
