Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-76424

Change option names from redact to applyHmac

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 7.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • QI 2023-05-01, QI 2023-05-15

      Summary

      This requires changing the option name for the following options:

      (1) redactIdentifiers -> applyHmacToIdentifiers

      (2) redactionKey -> hmacKey

       

      Invoking a command would look like:

      db.adminCommand({
        aggregate: 1,
        pipeline: [
          {$queryStats: {applyHmacToIdentifiers: <boolean>, hmacKey: <bindata>}},
          {$sort: {"metrics.execCount": -1}}
        ]
      })

      Motivation

      The commonly accepted security definition of 'redaction' means to remove completely. Because we are hashing with HMAC, 'transformed' is a more accurate term to use. Even though this is a purely internal use, we care about the parameter names because calls to $queryStats are found in the audit log, which customers will have access to. We will look to the $queryStat entries in the audit log in order to prove to customers we are in fact safely transforming their data to ensure the highest standards of customer data security and privacy.

            Assignee:
            ted.tuckman@mongodb.com Ted Tuckman
            Reporter:
            colby.ing@mongodb.com Colby Ing
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: