  1. Core Server
  2. SERVER-17180

Don't create a connection back to ourself in copydb if "fromhost" is missing and credentials provided


Details

    • Server Security
    • ALL
    • Security 0 03/13/15], Security 1 04/03/15

    Description

      Usually if you run "copydb" but do not include a "fromhost" field, we assume you are copying from yourself and use a DBDirectClient instead of a real connection to the source server. If you specify a username/password, however, the driver will likely run copydbgetnonce/copydbsaslstart, which will create an actual connection back to ourself on localhost. Easiest fix is probably to make copydbsaslstart and copydbgetnonce fail if "fromhost" is empty, as if you're copying from yourself you shouldn't provide credentials anyway; you should just authenticate your connection to an appropriate user before running copydb.

          People

            backlog-server-security Backlog - Security Team
            spencer@mongodb.com Spencer Brody (Inactive)
            Votes: 0
            Watchers: 6
