-
Type:
Improvement
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: API, Configuration
-
None
As a consequence of privilege delegation in MongoDB, a MongoClient must eagerly authenticate all credentials that it has been provided. It does not know whether a user has been granted a privilege in another database (e.g. a user defined in database "db1" may have been granted a privilege to read from database "db2"). This makes it dangerous in general to create a MongoClient with more than one credential.
In addition, the session support added in MongoDB 3.6 requires that only a single user is authenticated.
- is depended on by
-
DRIVERS-419 Deprecate lazy authentication and MongoClient constructors that take multiple credentials.
-
- Closed
-
- is related to
-
-
- Closed
-