-
Type: Improvement
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Internal Code
-
Fully Compatible
-
v4.0, v3.6
-
Platforms 2018-05-07, Platforms 2018-05-21, Platforms 2018-06-04
-
45
Most Commands have a requiresAuth()==true condition (the default).
For those commands, we shouldn't parse() their request unless the client is authenticated.
These requests are going to be rejected anyway, so there's no user-visible change, but we could be making the rejection decision more securely and efficiently.
- causes
-
SERVER-35382 _isSelf command needs to be marked requiresAuth false
- Closed
-
SERVER-35463 Mark listCommands as pre-auth
- Closed
- is related to
-
SERVER-38390 Set requiresAuth to false for certain commands
- Closed
- related to
-
SERVER-35463 Mark listCommands as pre-auth
- Closed
-
SERVER-12143 Make some unauthenticated commands require auth
- Closed