Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13427

Shell should verify that user password is a string during user creation

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 2.7.0
    • 2.4.9, 2.6.0-rc2
    • Shell
    • None
    • Minor Change

    Description

      If the shell blindly accepts the password without checking the type, it will pass it into the md5 function which will coerce the password into a string. This could make it impossible to authenticate later if you are using an authentication mechanism where the password is digested server-side.

      Attachments

        Activity

          People

            spencer@mongodb.com Spencer Brody (Inactive)
            spencer@mongodb.com Spencer Brody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: