Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Affects Version/s: 3.0.0-rc11
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:

Hide

1. Run a 3.0 server with --auth and --httpinterface both enabled, no user documents present.
2. Create a new user.
3. Attempt to access the http interface with the user's credentials.

Show
1. Run a 3.0 server with --auth and --httpinterface both enabled, no user documents present. 2. Create a new user. 3. Attempt to access the http interface with the user's credentials.
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

The HTTP Interface code (db/dbwebserver.cpp) was never updated to work with SCRAM-style user documents, and thus is not compatible with the new user document format. However, the interface still works with 2.6-style user documents in a 3.0 database that have not yet been updated.

Alternatively, we could deprecate support for the HTTP interface with auth enabled (or entirely) as it is a potential security risk.

is duplicated by

SERVER-17512 Unable to authenticate with web console with SCRAM-SHA-1

Closed

is related to

SERVER-17527 Add startupWarning if server started with --rest or --httpinterface and access control is enabled

Closed

Assignee:: DO NOT USE - Backlog - Platform Team
Reporter:: Amalia Hawkins (Inactive)
Participants:: Amalia Hawkins, DO NOT USE - Backlog - Platform Team
Votes:: 3 Vote for this issue
Watchers:: 8 Start watching this issue

Created:: Feb 26 2015 04:00:10 PM UTC
Updated:: Jul 14 2017 06:41:57 PM UTC
Resolved:: Jul 14 2017 06:41:57 PM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates