INTPYTHON-451 Remove support for database caching

This reverts commit 64b1c10.

Author: timgraham

django_mongodb_backend/cache.py

@@ -1,10 +1,6 @@
 from django.conf import settings
 from django.db.backends.base.creation import BaseDatabaseCreation
 
-from django_mongodb_backend.management.commands.createcachecollection import (
-    Command as CreateCacheCollection,
-)
-
 
 class DatabaseCreation(BaseDatabaseCreation):
     def _execute_create_test_db(self, cursor, parameters, keepdb=False):
@@ -24,15 +20,6 @@ def _destroy_test_db(self, test_database_name, verbosity):
             if not collection.startswith("system."):
                 self.connection.database.drop_collection(collection)
 
-    def create_test_db(self, *args, **kwargs):
-        test_database_name = super().create_test_db(*args, **kwargs)
-        # Not using call_command() avoids the requirement to put
-        # "django_mongodb_backend" in INSTALLED_APPS.
-        CreateCacheCollection().handle(
-            database=self.connection.alias, verbosity=kwargs["verbosity"]
-        )
-        return test_database_name
-
     def destroy_test_db(self, old_database_name=None, verbosity=1, keepdb=False, suffix=None):
         super().destroy_test_db(old_database_name, verbosity, keepdb, suffix)
         # Close the connection to the test database.

django_mongodb_backend/creation.py

@@ -51,11 +51,6 @@ Forms
 
 - :doc:`ref/forms`
 
-Core functionalities
-====================
-
-- :doc:`topics/cache`
-
 Miscellaneous
 =============
 

django_mongodb_backend/management/__init__.py

@@ -13,16 +13,3 @@ in the :setting:`INSTALLED_APPS` setting.
 
 Available commands
 ==================
-
-``createcachecollection``
--------------------------
-
-.. django-admin:: createcachecollection
-
-    Creates the cache collection for use with the :doc:`database cache backend
-    </topics/cache>` using the information from your :setting:`CACHES` setting.
-
-    .. django-admin-option:: --database DATABASE
-
-        Specifies the database in which the cache collection(s) will be created.
-        Defaults to ``default``.

django_mongodb_backend/management/commands/__init__.py

@@ -7,6 +7,10 @@ Django MongoDB Backend 5.1.x
 
 *Unreleased*
 
+- Backward-incompatible: Removed support for database caching as the MongoDB security
+  team considers the cache backend's ``pickle`` encoding of cached values a
+  vulnerability. If an attacker compromises the database, they could run arbitrary
+  commands on the application server.
 - Fixed crash when loading models with a null value for ``ArrayField``\s where
   the ``base_field`` uses a database converter.
 - Fixed ``RecursionError`` when using ``Trunc`` database functions on non-MongoDB
@@ -39,7 +43,7 @@ Django MongoDB Backend 5.1.x
   :attr:`~.ArrayField.size` parameter is renamed to
   :attr:`~.ArrayField.max_size`. The :attr:`~.ArrayField.size` parameter is now
   used to enforce fixed-length arrays.
-- Added support for :doc:`database caching </topics/cache>`.
+- Added support for database caching (later removed in beta 4).
 - Fixed ``QuerySet.raw_aggregate()`` field initialization when the document key
   order doesn't match the order of the model's fields.
 

django_mongodb_backend/management/commands/createcachecollection.py

@@ -18,6 +18,14 @@ New features
   :class:`~.fields.PolymorphicEmbeddedModelArrayField` for storing a model
   instance or list of model instances that may be of more than one model class.
 
+Backwards incompatible changes
+------------------------------
+
+- Removed support for database caching as the MongoDB security team considers the cache
+  backend's ``pickle`` encoding of cached values a vulnerability. If an attacker
+  compromises the database, they could run arbitrary commands on the application
+  server.
+
 Bug fixes
 ---------