Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-1918

Node.js mongoDB driver documentation has incorrect default value for sslValidate

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.2.2
    • Fix Version/s: 3.2.3
    • Component/s: None
    • Labels:
      None

      Description

      The TLS /SSL options at http://mongodb.github.io/node-mongodb-native/3.2/tutorials/connect/ssl/#tls-ssl-options document sslValidate as having a default value of true. Per https://jira.mongodb.org/browse/NODE-1156 - the option is actually false by default since the NODE-1156 bug has not been fixed.

      Having a misleading value of true in the documentation means that developers can easily end up using the client without having TLS certificate validation enabled which opens the application to man-in-the-middle attacks.

      Ideally NODE-1156 would be fixed so that sslValidate is actually enabled by default, however if that is not possible then at least the documentation should be updated.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              katherine.walker Katherine Walker (Inactive)
              Reporter:
              jamiemjennings Jamie Jennings
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: