Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-11415

Warning box for createUser encryption

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical - P2
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: manual
    • Labels:
    • Last comment by Customer:
      true
    • Story Points:
      0.5

      Description

      We need a stronger warning about the use of encryption for createUser

      https://docs.mongodb.com/manual/reference/command/createUser/#encryption

      "WARNING: Please note that by default createUser sends a password in plaintext to MongoDB, which can compromise it on insecure networks. Use of SSL/TLS to protect the password in transit is strongly recommended. Many environments require encrypted communications for authentication."

      There already is an "important" box and also a "warning" box above the Encryption section. Perhaps to avoid too many boxes competing for attention, we could we remove the "important" box (it says an error will be thrown, so users will be made aware of this by the error) and downgrade the "warning" box about usability to an "important" box, leaving only the new createUser "warning" box. It is very important we warn people to encrypt this password to avoid security breaches.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ravind.kumar Ravind Kumar (Inactive)
              Reporter:
              davi.ottenheimer Davi Ottenheimer
              Participants:
              Last commenter:
              Anthony Sansone Anthony Sansone
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since reply:
                3 years, 14 weeks, 1 day ago
                Date of 1st Reply: