<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:53:19 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[JAVA-890] With authentication enabled with a replica set, it is still possible to get the replica status from the java driver even when not authenticated.</title>
                <link>https://jira.mongodb.org/browse/JAVA-890</link>
                <project id="10006" key="JAVA">Java Driver</project>
                    <description>&lt;p&gt;I believe I found a bug after I enabled authentication on my mongodb this day.&lt;/p&gt;

&lt;p&gt;When the server is requiring authentication, it is not possible to view the replica status with rs.status() in the mongo client if you are not authenticated, and I guess this is how it should be. &lt;/p&gt;

&lt;p&gt;However when i tried to view some info of the database with the java driver without authenticating, I get the replica status with no problems. All other commands like client.getDB(dbName) fails since I&apos;m not authenticated. I think this is a security breach?&lt;/p&gt;</description>
                <environment>Tested with version 2.4.5 and 2.2.5 in Ubuntu with the java driver 2.11.1.</environment>
        <key id="82860">JAVA-890</key>
            <summary>With authentication enabled with a replica set, it is still possible to get the replica status from the java driver even when not authenticated.</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="sigurlu">Sigurd Lund</reporter>
                        <labels>
                            <label>driver</label>
                            <label>replicaset</label>
                    </labels>
                <created>Fri, 19 Jul 2013 13:06:57 +0000</created>
                <updated>Fri, 19 Jul 2013 14:48:04 +0000</updated>
                            <resolved>Fri, 19 Jul 2013 14:48:04 +0000</resolved>
                                    <version>2.2</version>
                    <version>2.4</version>
                                                    <component>Authentication</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="384718" author="jeff.yemin" created="Fri, 19 Jul 2013 14:48:04 +0000"  >&lt;p&gt;Cool, thanks for responding.&lt;/p&gt;</comment>
                            <comment id="384708" author="sigurlu" created="Fri, 19 Jul 2013 14:41:16 +0000"  >&lt;p&gt;Ah, I&apos;m using the last one, so that explains it. Thank you.&lt;/p&gt;</comment>
                            <comment id="384699" author="jeff.yemin" created="Fri, 19 Jul 2013 14:34:22 +0000"  >&lt;p&gt;How are you getting the replica set status?  Are you calling db.command(&quot;replSetGetStatus&quot;)? Note that Mongo.getReplicaSetStatus() doesn&apos;t actually use that command, it uses &quot;isMaster&quot;, which does not currently require authentication.   &lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrrqpr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>75716</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>