Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-1918

Node.js mongoDB driver documentation has incorrect default value for sslValidate

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.2.3
    • Affects Version/s: 3.2.2
    • Component/s: None
    • Labels:

      The TLS /SSL options at http://mongodb.github.io/node-mongodb-native/3.2/tutorials/connect/ssl/#tls-ssl-options document sslValidate as having a default value of true. Per https://jira.mongodb.org/browse/NODE-1156 - the option is actually false by default since the NODE-1156 bug has not been fixed.

      Having a misleading value of true in the documentation means that developers can easily end up using the client without having TLS certificate validation enabled which opens the application to man-in-the-middle attacks.

      Ideally NODE-1156 would be fixed so that sslValidate is actually enabled by default, however if that is not possible then at least the documentation should be updated.

            katherine.walker@mongodb.com Katherine Walker (Inactive)
            jamiemjennings Jamie Jennings
            0 Vote for this issue
            2 Start watching this issue