Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10855

Add a way to specify in createUser and updateUser commands whether the server should hash the password or the driver already has

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 2.5.4
    • Security
    • None
    • Minor Change

    Description

      For password policy enforcement the server needs to receive the password in plain text.
      For users without SSL, however, they probably want a way to continue the existing behavior of hashing the password in the client before sending it over the wire.

      Need to also figure out what the default should be, what the right interface to control this in the drivers is, etc.

      Attachments

        Issue Links

          Activity

            People

              spencer@mongodb.com Spencer Brody (Inactive)
              spencer@mongodb.com Spencer Brody (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: