Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-40516

Ban single-valued BSON types in FLE

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.1.11
    • Affects Version/s: None
    • Component/s: Querying
    • None
    • Fully Compatible
    • Query 2019-05-06, Query 2019-05-20

      When a BSON value of any type is encrypted, its value is hidden but its type is deliberately exposed as plaintext. This scheme hides BSON values of type String, Double, etc., but the following BSON types can have only one value:

      • 0x06 Undefined (deprecated)
      • 0x0A Null
      • 0xFF Min key
      • 0x7F Max key

      Therefore, encrypting a value of a single-valued type leaves its value exposed, since its value is implied by its type. A JSON schema that specifies an encrypted field of one of these types is invalid, and mongocryptd must return an error for such a schema.

            Assignee:
            ted.tuckman@mongodb.com Ted Tuckman
            Reporter:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: