Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-91422

Require authorization to run $documents and other aggregation stages

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Aggregation Framework
    • None
    • Query Optimization

      As part of the effort to reduce the pre-auth surface area of the MongoDB Server, we should change auth::getPrivilegesForAggregate() to require AuthorizationSession::isAuthenticated() == true when auth is enabled. This will help ensure future memory errors and other vulnerabilities in aggregation stages and expressions cannot be as readily exploited.

            Assignee:
            Unassigned Unassigned
            Reporter:
            max.hirschhorn@mongodb.com Max Hirschhorn
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: