[SERVER-75683] Return error if encryptedFields contains eccCollection
Created: 05/Apr/23 Updated: 29/Oct/23 Resolved: 12/May/23

| Status: | Closed |
| Project: | Core Server |
| Component/s: | Queryable Encryption |
| Affects Version/s: | None |
| Fix Version/s: | 7.1.0-rc0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Kevin Albertson | Assignee: | Shreyas Kalyan |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Assigned Teams: | Server Security |
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Security 2023-05-15 |
| Participants: | |
| Linked BF Score: | 69 |
| Description |
Proposal
Background & Motivation
QEv1 drivers will continue to send eccCollection. QEv1 drivers will not receive an error when creating a QE collection. An error may not be received until sending an incompatible QEv1 payload. This may result in unusable QEv1 collections (including eccCollection) being created.

Returning an error if eccCollection is included may help a user discover they need to upgrade their driver. The error could suggest a driver upgrade is necessary to use QEv2. Example: "Driver support of Queryable Encryption is incompatible with server. Upgrade driver to use Queryable Encryption."

This may require updating the validateEncryptedFieldConfig: https://github.com/10gen/mongo/blob/f3ba48c674d343482a4e43d6ff1ab9e0da339c5f/src/mongo/crypto/encryption_fields_validation.cpp#L243-L248
| Comments |
| Comment by Githook User [ 31/May/23 ] |
Author: {'name': 'Jeremy Mikola', 'email': 'jmikola@gmail.com', 'username': 'jmikola'}
Message:
| Comment by Githook User [ 12/May/23 ] |
Author: {'name': 'Shreyas Kalyan', 'email': 'shreyas.kalyan@mongodb.com', 'username': 'shreyaskal'}
Message: