Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-890

With authentication enabled with a replica set, it is still possible to get the replica status from the java driver even when not authenticated.

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor - P4 Minor - P4
    • None
    • 2.2, 2.4
    • Authentication
    • Tested with version 2.4.5 and 2.2.5 in Ubuntu with the java driver 2.11.1.

    Description

      I believe I found a bug after I enabled authentication on my mongodb this day.

      When the server is requiring authentication, it is not possible to view the replica status with rs.status() in the mongo client if you are not authenticated, and I guess this is how it should be.

      However when i tried to view some info of the database with the java driver without authenticating, I get the replica status with no problems. All other commands like client.getDB(dbName) fails since I'm not authenticated. I think this is a security breach?

      Attachments

        Activity

          People

            Unassigned Unassigned
            sigurlu Sigurd Lund
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: