Node.js mongoDB driver documentation has incorrect default value for sslValidate

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Major - P3
    • 3.2.3
    • Affects Version/s: 3.2.2
    • Component/s: None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      The TLS /SSL options at http://mongodb.github.io/node-mongodb-native/3.2/tutorials/connect/ssl/#tls-ssl-options document sslValidate as having a default value of true. Per https://jira.mongodb.org/browse/NODE-1156 - the option is actually false by default since the NODE-1156 bug has not been fixed.

      Having a misleading value of true in the documentation means that developers can easily end up using the client without having TLS certificate validation enabled which opens the application to man-in-the-middle attacks.

      Ideally NODE-1156 would be fixed so that sslValidate is actually enabled by default, however if that is not possible then at least the documentation should be updated.

              Assignee:
              Katherine Walker (Inactive)
              Reporter:
              Jamie Jennings
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: