Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10855

Add a way to specify in createUser and updateUser commands whether the server should hash the password or the driver already has

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.4
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Minor Change

      Description

      For password policy enforcement the server needs to receive the password in plain text.
      For users without SSL, however, they probably want a way to continue the existing behavior of hashing the password in the client before sending it over the wire.

      Need to also figure out what the default should be, what the right interface to control this in the drivers is, etc.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              spencer Spencer Brody (Inactive)
              Reporter:
              spencer Spencer Brody (Inactive)
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: