Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-2749

Driver should hide credentials in exception message

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 2.9.3
    • Affects Version/s: None
    • Component/s: Error Handling
    • Labels:
      None

      The C# driver throws an exception when the connection string is not valid. In one case the error message contains the entire connection string, which would include the username/password if present.

      See:

      https://github.com/mongodb/mongo-csharp-driver/blob/v2.8.1/src/MongoDB.Driver.Core/Core/Configuration/ConnectionString.cs#L671

      While this error message does not necessarily mean the username/password is exposed, error messages are often logged, in which case the username/password could be recorded in places where it shouldn't be.

            Assignee:
            dmitry.lukyanov@mongodb.com Dmitry Lukyanov (Inactive)
            Reporter:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: