Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-34653

don't even parse requiresAuth commands unless client is authenticated

    • Fully Compatible
    • v4.0, v3.6
    • Platforms 2018-05-07, Platforms 2018-05-21, Platforms 2018-06-04
    • 45

      Most Commands have a requiresAuth()==true condition (the default).
      For those commands, we shouldn't parse() their request unless the client is authenticated.

      These requests are going to be rejected anyway, so there's no user-visible change, but we could be making the rejection decision more securely and efficiently.

            Assignee:
            billy.donahue@mongodb.com Billy Donahue
            Reporter:
            billy.donahue@mongodb.com Billy Donahue
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: