<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<title>WiredTiger: Security</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtreedata.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<script type="text/javascript">
$(document).ready(initResizable);
</script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
<link href="wiredtiger.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td id="projectlogo"><a href="http://wiredtiger.com/"><img src="LogoFinal-header.png" alt="WiredTiger" /></a></td>
<td style="padding-left: 0.5em;">
<div id="projectname">
 <span id="projectnumber">Version 3.2.1</span>
</div>
<div id="projectbrief"><!-- 3.2.1 --></div>
</td>
</tr>
</tbody>
</table>
</div>
<div class="banner">
<a href="https://github.com/wiredtiger/wiredtiger">Fork me on GitHub</a>
<a class="last" href="http://groups.google.com/group/wiredtiger-users">Join my user group</a>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.13 -->
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
$(function() {
initMenu('',false,false,'search.php','Search');
});
</script>
<div id="main-nav"></div>
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
<div id="nav-tree">
<div id="nav-tree-contents">
<div id="nav-sync" class="sync"></div>
</div>
</div>
<div id="splitbar" style="-moz-user-select:none;"
class="ui-resizable-handle">
</div>
</div>
<script type="text/javascript">
$(document).ready(function(){initNavTree('security.html','');});
</script>
<div id="doc-content">
<div class="header">
<div class="headertitle">
<div class="title">Security </div> </div>
</div><!--header-->
<div class="contents">
<div class="textblock"><h1><a class="anchor" id="directory_permissions"></a>
Database directory permissions</h1>
<p>By default, WiredTiger files are stored beneath the database home directory. The WiredTiger database directory should have its permissions set to ensure database objects are not accessible to users without appropriate permissions. See <a class="el" href="home.html">Database Home Directory</a> for more information.</p>
<h1><a class="anchor" id="absolute_path"></a>
Absolute paths</h1>
<p>WiredTiger prepends the name of the database home to file names which do not appear to be absolute paths. (The absolute path test is simplistic, matching a leading slash character on POSIX systems or a leading alphabetic character and colon on Windows.) WiredTiger does no file path sanitization or validation: for example, file paths may match universal naming conventions (UNC), or include <code>"../"</code> (dot dot slash) components.</p>
<p>Applications are responsible for validating user-supplied file paths as necessary to prevent directory traversal attacks.</p>
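<p>One way an application might screen a user-supplied name before handing it to WiredTiger, shown as an added example that is not part of the WiredTiger documentation or API. The function name <code>safe_relative_name</code> is hypothetical, and the check assumes the application only wants relative names that stay beneath the database home.</p>

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

/* Treat both separators as significant so the check is platform-neutral. */
static bool
is_sep(char c)
{
    return c == '/' || c == '\\';
}

/*
 * Hypothetical helper (not a WiredTiger API): return true only if `name` is
 * a relative path with no ".." component, so that prepending the database
 * home cannot produce a path outside it. Symbolic links are not considered.
 */
bool
safe_relative_name(const char *name)
{
    const char *p, *end;

    if (name == NULL || name[0] == '\0')
        return false;

    /* Leading separator: POSIX absolute path, Windows rooted path or UNC. */
    if (is_sep(name[0]))
        return false;

    /* Drive-letter form: a leading alphabetic character and a colon. */
    if (isalpha((unsigned char)name[0]) && name[1] == ':')
        return false;

    /* Walk each component and reject any that is exactly "..". */
    p = name;
    while (*p != '\0') {
        for (end = p; *end != '\0' && !is_sep(*end); ++end)
            ;
        if (end - p == 2 && p[0] == '.' && p[1] == '.')
            return false;
        p = (*end == '\0') ? end : end + 1;
    }
    return true;
}
```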
<h1><a class="anchor" id="file_permissions"></a>
File permissions</h1>
<p>WiredTiger creates file system objects readable and writable by the process owner, group and user, as modified by the process' umask value. The group ownership of created file system objects may vary depending on the system, and is not controlled by WiredTiger.</p>
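<p>The following added example (not WiredTiger code) covers both the directory permissions and file permissions sections on a POSIX system: it checks that a database home is closed to group and other, and shows how the umask narrows the mode of a newly created file. The names <code>home_is_private</code> and <code>mode_after_create</code> are hypothetical, and the requested mode 0666 is an assumption standing in for a library that asks for read and write access for everyone.</p>

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdbool.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helpers for illustration; neither is a WiredTiger API. */

/* True if `home` is a directory with no group or other permission bits. */
bool
home_is_private(const char *home)
{
    struct stat sb;

    if (stat(home, &sb) != 0 || !S_ISDIR(sb.st_mode))
        return false;
    return (sb.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/*
 * Create `path` requesting mode 0666 (an assumed creation mode) under the
 * given umask. Returns the permission bits the new file received, or -1.
 */
int
mode_after_create(const char *path, mode_t mask)
{
    struct stat sb;
    mode_t old;
    int fd, ret;

    old = umask(mask);
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    (void)umask(old); /* restore the caller's umask */
    if (fd < 0)
        return -1;
    ret = fstat(fd, &sb) == 0 ? (int)(sb.st_mode & 0777) : -1;
    (void)close(fd);
    return ret;
}
```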
<h1><a class="anchor" id="environment_variables"></a>
Environment variables</h1>
<p>Consider security when configuring WiredTiger to use the WIREDTIGER_HOME environment variable, especially in applications which run with permissions other than the user's. Such applications are potentially vulnerable to allowing users access to databases they could not otherwise access. See <a class="el" href="home.html">Database Home Directory</a> for more information. </p>
</div></div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<ul>
<li class="navelem"><a class="el" href="index.html">Reference Guide</a></li><li class="navelem"><a class="el" href="admin.html">Managing WiredTiger databases</a></li>
<li class="footer">Copyright (c) 2008-2019 MongoDB, Inc. All rights reserved. Contact <a href="mailto:info@wiredtiger.com">info@wiredtiger.com</a> for more information.</li>
</ul>
</div>
</body>
</html>