Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-9446

No sanity check of role existence when creating users

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.5.3
    • Affects Version/s: 2.4.3
    • Component/s: Security
    • None
    • ALL

      When calling AddUser to add a new user or modifying the roles array no verification is done that the role actually exists.

      This allows for simple typos to cause unpredictable authorization behavior and potentially permission problems which are very difficult to troubleshoot. If the system allowed for custom defined roles the case would be even stronger.

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: