Change authz killCursor behavior #26
Labels
enhancement
New feature or request
Comments
jacksontj
added a commit
to jacksontj/mongoproxy
that referenced
this issue
Mar 16, 2023
created on the same session. Fixes wish#26
jacksontj
added a commit
to jacksontj/mongoproxy
that referenced
this issue
Mar 16, 2023
created on the same session. Fixes wish#26
jacksontj
added a commit
to jacksontj/mongoproxy
that referenced
this issue
Mar 17, 2023
created on the same session. Fixes wish#26
jacksontj
added a commit
to jacksontj/mongoproxy
that referenced
this issue
Mar 17, 2023
created on the same session. Fixes wish#26
jacksontj
added a commit
to jacksontj/mongoproxy
that referenced
this issue
Mar 17, 2023
created on the same session. Fixes wish#26
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current killCursor implementation simply maps to a global delete permission. This was "accurate" based on old mongo behavior (<4.2) -- but in later versions users are always allowed to killCursor on cursors they created. So to do this we simply need to change the plugin to check the cursor cache (assocatied with the connection) and if the cursor they are killing is in there -- it doesn't need permissions. Then if the cursorId is not in the cache -- then we should check the same global delete permission.
The text was updated successfully, but these errors were encountered: