-
Type:
Improvement
-
Resolution: Unresolved
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: Internal Code
-
Query Execution
-
None
-
3
-
None
-
None
-
None
-
None
-
None
-
None
The existence of "God mode"complicates the mongod security story.
Internal worker threads not acting directly on behalf of clients can use the following code to grant their client object full privileges.
cc()->getAuthorizationSession()->grantInternalAuthorization(
UserName("threadName", "local"));
The other uses are the main() thread during startup and the authorization session code for looking up and manipulating user documents as part of user management commands. The main thread can use internal authorization, so that just leaves the user management code.
- related to
-
-
- Closed
-