<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:55:13 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-40516] Ban single-valued BSON types in FLE</title>
                <link>https://jira.mongodb.org/browse/SERVER-40516</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;When a BSON value of any type is encrypted, its value is hidden but its type is deliberately exposed as plaintext. This scheme hides BSON values of type String, Double, etc., but the following BSON types can have only one value:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;0x06 Undefined (deprecated)&lt;/li&gt;
	&lt;li&gt;0x0A Null&lt;/li&gt;
	&lt;li&gt;0xFF Min key&lt;/li&gt;
	&lt;li&gt;0x7F Max key&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Therefore, encrypting a value of a single-valued type leaves its value exposed, since its value is implied by its type. A JSON schema that specifies an encrypted field of one of these types is invalid, and mongocryptd must return an error for such a schema.&lt;/p&gt;</description>
                <environment></environment>
        <key id="731857">SERVER-40516</key>
            <summary>Ban single-valued BSON types in FLE</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="ted.tuckman@mongodb.com">Ted Tuckman</assignee>
                                    <reporter username="jesse@mongodb.com">A. Jesse Jiryu Davis</reporter>
                        <labels>
                    </labels>
                <created>Sat, 6 Apr 2019 14:39:15 +0000</created>
                <updated>Sun, 29 Oct 2023 22:22:14 +0000</updated>
                            <resolved>Fri, 3 May 2019 19:39:37 +0000</resolved>
                                                    <fixVersion>4.1.11</fixVersion>
                                    <component>Querying</component>
                                        <votes>0</votes>
                                    <watches>8</watches>
                                                                                                                <comments>
                            <comment id="2234182" author="xgen-internal-githook" created="Fri, 3 May 2019 19:39:11 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ted Tuckman&apos;, &apos;username&apos;: &apos;TedTuckman&apos;, &apos;email&apos;: &apos;ted.tuckman@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-40516&quot; title=&quot;Ban single-valued BSON types in FLE&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-40516&quot;&gt;&lt;del&gt;SERVER-40516&lt;/del&gt;&lt;/a&gt; Ban single-valued BSON types in encrypt object&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/117a422917ff9110a4ae2b3023e7dc88fb491567&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/117a422917ff9110a4ae2b3023e7dc88fb491567&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2206092" author="jesse" created="Tue, 9 Apr 2019 02:23:59 +0000"  >&lt;p&gt;Could be. If they&apos;re encrypted with nondeterministic encryption then they&apos;re secure, otherwise you can at least see that two documents have the same value for a field (without knowing whether that value is true or false), and you can usually guess from the distribution which is true or false. Nondeterministic encryption is best for any low-cardinality field: an integer field that in practice has only 3 fields is nearly as vulnerable as a boolean if you use deterministic encryption. I think that the single-valued fields are special, though.&lt;/p&gt;</comment>
                            <comment id="2206060" author="kevin.pulo@10gen.com" created="Tue, 9 Apr 2019 01:47:00 +0000"  >&lt;p&gt;Is there a similar argument to be made for BSON booleans, which can only have two possible values (&lt;tt&gt;\x00&lt;/tt&gt; and &lt;tt&gt;\x01&lt;/tt&gt;)?&lt;/p&gt;</comment>
                            <comment id="2205804" author="jesse" created="Mon, 8 Apr 2019 20:48:06 +0000"  >&lt;p&gt;After discussion with &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=behackett&quot; class=&quot;user-hover&quot; rel=&quot;behackett&quot;&gt;behackett&lt;/a&gt;, I have an additional justification for banning these 4 types.&lt;/p&gt;

&lt;p&gt;Our proposed solution to &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-40477&quot; title=&quot;mongocryptd should error when to-be-encrypted element&amp;#39;s type does not match schema&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-40477&quot;&gt;&lt;del&gt;SERVER-40477&lt;/del&gt;&lt;/a&gt; is to require users to specify the type of each encrypted field in the JSON Schema and use only that type when inserting, updating, or querying values of that field. So if a user provides a Null value and wants it auto-encrypted, this means the value is destined for a field that is specified as Null type in the JSON schema, and all values for this field are Null. This is not only insecure but also useless. It seems like such a schema is surely a mistake.&lt;/p&gt;

&lt;p&gt;Explicit encryption without a JSON Schema is different from auto-encryption. A user could store encrypted values of several types in the same field using explicit encryption. In this case we should still ban encryption of single-valued types because encrypting these values does not hide them.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="773878">SERVER-41264</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 8 Apr 2019 14:09:37 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        4 years, 40 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-1258</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            4 years, 40 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>jesse@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>kevin.pulo@mongodb.com</customfieldvalue>
            <customfieldvalue>ted.tuckman@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hutdpz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr7h6n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="2841">Query 2019-05-06</customfieldvalue>
    <customfieldvalue id="2842">Query 2019-05-20</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|huszzb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>