<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:05:57 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-12732] Docs for SERVER-40477: mongocryptd should error when to-be-encrypted element&apos;s type does not match schema</title>
                <link>https://jira.mongodb.org/browse/DOCS-12732</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;h2&gt;&lt;a name=&quot;Description&quot;&gt;&lt;/a&gt;Description&lt;/h2&gt;
&lt;blockquote&gt;
&lt;h3&gt;&lt;a name=&quot;Description%3A&quot;&gt;&lt;/a&gt;Description: &lt;/h3&gt;

&lt;p&gt;See the query feature support document for FLE: &lt;a href=&quot;https://docs.google.com/document/d/1r8jB7qr25UPW76-EFyR7DQsZ2ApPcRxGTRrFpBErsa4/edit&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.google.com/document/d/1r8jB7qr25UPW76-EFyR7DQsZ2ApPcRxGTRrFpBErsa4/edit&lt;/a&gt;. I&apos;d be happy to answer or questions or take docs CRs.&lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;EngineeringTicketDescription%3A&quot;&gt;&lt;/a&gt;Engineering Ticket Description:&lt;/h3&gt;

&lt;p&gt;In order to ensure that the FLE system works transparently for equality predicates against encrypted fields, we must implement the following constraints:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Any field encrypted with the deterministic algorithm must specify exactly one BSON type. This was implemented under &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-40627&quot; title=&quot;[FLE] Ban schemas which define a deterministic encrypted field without an explicit single encrypt.bsonType&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-40627&quot;&gt;&lt;del&gt;SERVER-40627&lt;/del&gt;&lt;/a&gt;.&lt;/li&gt;
	&lt;li&gt;Queries can only contain equality predicates against encrypted an encrypted field if the field is encrypted with the deterministic algorithm. This was implemented under &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-40378&quot; title=&quot;[FLE] Reject queries involving fields which are encrypted with randomized algo&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-40378&quot;&gt;&lt;del&gt;SERVER-40378&lt;/del&gt;&lt;/a&gt;.&lt;/li&gt;
	&lt;li&gt;The BSON type of the constant for an equality predicate must match the BSON type specified in the JSON Schema. Implementing this final constraint is the work tracked by this ticket.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Taken together, these restrictions prevent a situation where users can issue a query against an encrypted field such as {ssn: {$eq: NumberInt(12345678)}} and expect matches where &lt;tt&gt;ssn&lt;/tt&gt; can be any of the types {int, long, double, decimal}. One cannot build an application using FLE which queries mixed-type encrypted fields. Instead, when using deterministic encryption to ensure queryability, users must define a schema which names exactly one type for the encrypted field. Furthermore, they must write the query so that any constant in an equality predicate against the encrypted field has matching type. For instance, if a user creates a schema specifying that &lt;tt&gt;ssn&lt;/tt&gt; is deterministically encrypted int, they may not run an equality query such as {ssn: {$eq: NumberLong(12345678)}}, since &quot;long&quot; is not the type specified in the schema.&lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;Originaldescription&quot;&gt;&lt;/a&gt;Original description&lt;/h3&gt;

&lt;p&gt;BSONElement equality semantics involve a logical comparison function rather than byte-wise equality. Therefore, two equal BSONElements may result in unequal ciphertext after encryption, even with the &quot;Deterministic&quot; encryption algorithm. If we want FLE equality to work transparently, the client should encrypt a KeyString encoding. Decryption would similarly be a two-step process in which we decrypt and then decode the KeyString.&lt;/p&gt;

&lt;p&gt;The simplest example of this is integers of different types. The integer 42 can be BSON-encoded as either a NumberDouble, NumberInt, or NumberLong. The actual bytes inside the BSONElement are different for all three cases, yet all three are considered equal.&lt;/p&gt;&lt;/blockquote&gt;

&lt;h2&gt;&lt;a name=&quot;Scopeofchanges&quot;&gt;&lt;/a&gt;Scope of changes&lt;/h2&gt;

&lt;h2&gt;&lt;a name=&quot;ImpacttoOtherDocs&quot;&gt;&lt;/a&gt;Impact to Other Docs&lt;/h2&gt;

&lt;h2&gt;&lt;a name=&quot;MVP%28WorkandDate%29&quot;&gt;&lt;/a&gt;MVP (Work and Date)&lt;/h2&gt;

&lt;h2&gt;&lt;a name=&quot;Resources%28ScopeorDesignDocs%2CInvision%2Cetc.%29&quot;&gt;&lt;/a&gt;Resources (Scope or Design Docs, Invision, etc.)&lt;/h2&gt;
</description>
                <environment></environment>
        <key id="773881">DOCS-12732</key>
            <summary>Docs for SERVER-40477: mongocryptd should error when to-be-encrypted element&apos;s type does not match schema</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="kay.kim@mongodb.com">Kay Kim</reporter>
                        <labels>
                            <label>docs-4.2-client-side-encryption</label>
                            <label>docs-fle</label>
                    </labels>
                <created>Tue, 21 May 2019 21:09:55 +0000</created>
                <updated>Mon, 13 Nov 2023 18:20:59 +0000</updated>
                            <resolved>Mon, 8 Jul 2019 23:19:17 +0000</resolved>
                                                    <fixVersion>4.1.12</fixVersion>
                    <fixVersion>Server_Docs_20231030</fixVersion>
                    <fixVersion>Server_Docs_20231106</fixVersion>
                    <fixVersion>Server_Docs_20231105</fixVersion>
                    <fixVersion>Server_Docs_20231113</fixVersion>
                                    <component>manual</component>
                    <component>Server</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="2316135" author="ravind.kumar" created="Mon, 8 Jul 2019 23:19:17 +0000"  >&lt;p&gt;Duplicates ongoing FLE work.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                            <outwardlinks description="documents">
                                        <issuelink>
            <issuekey id="729786">SERVER-40477</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                                        </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 8 Jul 2019 23:19:17 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        4 years, 31 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>DOCS-11762</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>emet.ozar@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            4 years, 31 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>kay.kim@mongodb.com</customfieldvalue>
            <customfieldvalue>ravind.kumar</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hv0hvb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|huprwn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hv044n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>