-
Type: Bug
-
Resolution: Done
-
Priority: Minor - P4
-
Affects Version/s: 1.2.2
-
Component/s: CLI Module
-
None
-
Environment:*nix command shell
-
2
-
Not Needed
Problem Statement/Rationale
If a -username is passed to mongosh without a -password, it will interactively prompt the user for their password. This is well-known to be more secure than providing the password on the command line (which can cause it to accidentally end up in the user's bash history file, or be visible during screen sharing, for example).
Currently the shell uses stdout for this "Enter password:" prompt, which causes it to be mixed in with the actual output. Outputting the prompt to stderr, rather than to stdout, will still display the prompt when piping/redirecting output.
Steps to Reproduce
Run: "mongosh --quiet --username foobar --eval 'show collections' > /dev/null" from a command prompt.
Expected Results
$ mongosh --quiet --username foobar --eval 'show collections' > /dev/null Enter password:
Password prompt (and masked password) is displayed on stderr.
Actual Results
$ mongosh --quiet --username foobar --eval 'show collections' > /dev/null
No password prompt is displayed.
Additional Notes
Similar issue for the old mongo shell: https://jira.mongodb.org/browse/SERVER-31176