[SERVER-78961] Redact BinData 6 values in audit logs Created: 13/Jul/23 Updated: 21/Jul/23 |
|
| Status: | Open |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | William Qian | Assignee: | Backlog - Query Optimization |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Query Optimization
|
| Participants: |
| Description |
|
At present, BinData 6 values are not automatically redacted in audit logs
https://github.com/10gen/mongo-enterprise-modules/pull/1292 EDIT: Query stats HMAC keys now use the newly-introduced BinDataType 8: Sensitive. |
| Comments |
| Comment by William Qian [ 21/Jul/23 ] |
|
Going to backlog this ticket because this seems not too urgent for the moment, now that we've moved to use BinData 8 instead. |
| Comment by William Qian [ 17/Jul/23 ] |
|
Current plan is to redact BinData 6 types in the audit logs by default, with a switch to disable the redaction. HMAC key will get its own enum type for unencrypted-but-always-redacted (i.e. not covered by the switch). |
| Comment by William Qian [ 17/Jul/23 ] |
|
enterprise/jstests/audit/log_query_stats.js will also need need to updated as part of this change. |