[SERVER-78961] Redact BinData 6 values in audit logs Created: 13/Jul/23  Updated: 21/Jul/23

Status: Open
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: William Qian Assignee: Backlog - Query Optimization
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Query Optimization
Participants:

 Description   

At present, BinData 6 values are not automatically redacted in audit logs , including HMAC keys for query stats . Some questions to consider:

  1. Is redacting BinData6 values in the audit logs desirable, or should audit logs contain BinData6 values in the clear?
  2. If we should redact BinData6 values in the audit logs, should it be an opt-in feature (as is currently implemented) or a default behavior (where all BinData6 values are automatically redacted)?
  3. If it should be an opt-in feature, what should this look like? Currently, I've only implemented it for array fields with sensitive field names, but this can be easily extended to object fields, etc.

https://github.com/10gen/mongo-enterprise-modules/pull/1292

EDIT: Query stats HMAC keys now use the newly-introduced BinDataType 8: Sensitive.



 Comments   
Comment by William Qian [ 21/Jul/23 ]

Going to backlog this ticket because this seems not too urgent for the moment, now that we've moved to use BinData 8 instead.

Comment by William Qian [ 17/Jul/23 ]

Current plan is to redact BinData 6 types in the audit logs by default, with a switch to disable the redaction. HMAC key will get its own enum type for unencrypted-but-always-redacted (i.e. not covered by the switch).

Comment by William Qian [ 17/Jul/23 ]

enterprise/jstests/audit/log_query_stats.js will also need need to updated as part of this change.

Generated at Thu Feb 08 06:39:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.