  1. Core Server
  2. SERVER-75124

HttpClient should allow callers to opt-in to localhost without TLS

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Server Security

      It's very hard to get X.509 certificates which would be valid for the hostname localhost. It's also generally safe to speak to loopback. Some consumers of the HttpClient want to speak HTTP, rather than HTTPS, to the localhost endpoint.

      Right now, the way to do this is by calling allowInsecureHTTP with a boolean which callers compute by parsing the URI to determine whether the URI refers to localhost. Unfortunately, making this determination is hard, and simply asking whether the URI begins with the prefix http://localhost is incorrect, and would permit non-TLS traffic outside of the loopback interface. This creates a real risk that callers introduce serious security issues, while trying to perform simple and reasonable operations.

      We should re-work this API to make this scenario easier to handle correctly.
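The difference between the prefix test described above and a check on the parsed host component, as an added example that is not part of the issue or of the server's code base. The function names and sample URLs are constructed for illustration, and accepting the literal name `localhost` assumes the resolver maps it to a loopback address.

```python
import ipaddress
from urllib.parse import urlsplit


def naive_is_localhost(url: str) -> bool:
    """The prefix test the issue describes as incorrect."""
    return url.startswith("http://localhost")


def is_loopback_http_url(url: str) -> bool:
    """True only for a plain-http URL whose host component is loopback."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased; userinfo, port, brackets removed
        _ = parts.port         # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "http" or not host:
        return False
    if host == "localhost":
        return True  # assumption: the resolver maps this name to loopback
    try:
        # Accept IP literals only when they fall in 127.0.0.0/8 or are ::1.
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as non-loopback


# Constructed sample URLs (hypothetical hosts, not taken from the issue).
SAMPLES = [
    "http://localhost:8080/status",
    "http://127.0.0.1:8080/status",
    "http://[::1]:8080/status",
    "HTTP://LOCALHOST:8080/status",
    "http://localhost.evil.example/status",    # longer name sharing the prefix
    "http://localhost:80@evil.example/status",  # "localhost" is only userinfo
    "http://127.0.0.1.evil.example/status",
    "https://localhost/status",                 # already TLS, no opt-in needed
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:45} prefix={naive_is_localhost(url)!s:5} "
              f"parsed={is_loopback_http_url(url)}")
```

The prefix test fails in both directions on this input: it accepts the two `evil.example` hosts and rejects the loopback IP literals and the upper-case spelling.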

       

            Assignee: backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter: spencer.jackson@mongodb.com Spencer Jackson