-
Type: Improvement
-
Resolution: Fixed
-
Priority: Critical - P2
-
Affects Version/s: None
-
Component/s: manual
-
Labels:
-
0.5
We need a stronger warning about the use of encryption for createUser
https://docs.mongodb.com/manual/reference/command/createUser/#encryption
"WARNING: Please note that by default createUser sends a password in plaintext to MongoDB, which can compromise it on insecure networks. Use of SSL/TLS to protect the password in transit is strongly recommended. Many environments require encrypted communications for authentication."
There already is an "important" box and also a "warning" box above the Encryption section. Perhaps to avoid too many boxes competing for attention, we could we remove the "important" box (it says an error will be thrown, so users will be made aware of this by the error) and downgrade the "warning" box about usability to an "important" box, leaving only the new createUser "warning" box. It is very important we warn people to encrypt this password to avoid security breaches.
- links to