Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-70262

Remove or reduce libmessage's dependency on multitenancy

    • Type: Icon: Task Task
    • Resolution: Won't Do
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security

      The Atlas Serverless 2 team plans to reuse the existing Server library libmessage to support the wire protocol in Serverless Proxy built on Envoy. However, libmessage has a dependency on the multitenancy library. This dependency added many indirect dependencies to the original ~20 mongo dependencies. This adds risks to integrating it into Serverless Proxy on a few aspects.
       

      • Library API - all the dependencies will be a part of the contract and accessible by library consumers.
      • Library behavior - we need to audit the behavior of the library, like the network library, to make sure they don't have side effects or security issues.
      • Code compatibility - there might be potential macro (more likely) and namespace (less likely) conflicts. Global variables and initialization could also affect the final executable.
      • Security risk - it will be a large surface of security risk.
      • Dev productivity - it will slow down the compilation.

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            siyuan.zhou@mongodb.com Siyuan Zhou
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: