-
Type: Improvement
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Queryable Encryption
-
Server Security
-
Fully Compatible
-
v8.0
-
Security 2024-07-08, Security 2024-07-22
Scope
Ignore placeholder fields for encryption parameters ("min", "max", "trimFactor", "sparsity", and "precision") in the QE range payloads:
- FLE2InsertUpdatePayloadV2
- FLE2FindRangePayloadV2
For consistency with other single-letter fields, consider using short field names:
- "min" as "mi"
- "max" as "ma",
- "trimFactor" as "tf",
- "sparsity" as "s"
- "precision" as "p"
Alternatively: accept all extra fields. Set strict to false in the IDL (example).
Background & Motivation
Placeholders may enable future safeguards proposed in SERVER-91887 without requiring new V3 payloads (8.0 servers can ignore the fields). Local testing suggests the server rejects unrecognized fields in the payloads: "BSON field 'root.foo' is an unknown field".
- has to be done before
-
SERVER-91887 Reject mismatched parameters in QE payloads
- Investigating
- is depended on by
-
MONGOCRYPT-705 Send encryption parameters in QE range payloads
- Closed