Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-14075

[TOOLS] Improve processlist output

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: tools
    • Labels:
      None
    • Last comment by Customer:
      true
    • Story Points:
      3
    • Sprint:
      ServerDocs2020: Jan5 - Jan12, ServerDocs2020: Jan12 - Jan19, ServerDocs2020: Jan19 - Jan26, ServerDocs2020: Jan26 - Feb2, ServerDocs2020: Feb2 - Feb9, ServerDocs2020: Feb9 - Feb16

      Description

      Description

      some docs changes proposed in "behavioral description" section of the tech design doc
      (https://docs.google.com/document/d/1nh_gb_iMapJfCV5eeHFAr_awwckyv73lGZRb6RUih2c/edit#heading=h.2s9zdv6a57gn)

      Engineering Description

      Summary

      The scope for this project aims to determine what action, if any, is needed to prevent or mitigate the visibility of password arguments in ps output.

      Motivation

      Currently, there are two ways to provide a password to the tools. One is on the command line via the --password flag, and the other is via stdin (when --password="" or --username is set without --password). When the password is provided on the command line, it is visible in the output of ps (or, more generally, to anyone with access to the process table).

      Over the years, this behavior has been discussed in the context of the tools (TOOLS-1020), the server (SECURITY-26), and other products like the BI Connector (BI-846). The discussion resurfaced recently.

      Past discussions and product decisions do not clearly indicate the correct course of action for the tools. For example, the mongo shell overwrites passwords in the command-line with “x” characters, while the tools have elected not to do the same in the past, citing security concerns. The BI Connector has also elected not to obscure command-line passwords, as it is possible for users to provide passwords via other means.

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              andrew.feierabend Andrew Feierabend
              Reporter:
              Anonymous Anonymous
              Participants:
              Last commenter:
              Andrew Feierabend Andrew Feierabend
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved:
                Days since reply:
                23 weeks, 6 days ago