Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17390

HTTP Interface does not work with SCRAM User Documents

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Gone away
    • Affects Version/s: 3.0.0-rc11
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Steps To Reproduce:
      Hide

      1. Run a 3.0 server with --auth and --httpinterface both enabled, no user documents present.
      2. Create a new user.
      3. Attempt to access the http interface with the user's credentials.

      Show
      1. Run a 3.0 server with --auth and --httpinterface both enabled, no user documents present. 2. Create a new user. 3. Attempt to access the http interface with the user's credentials.

      Description

      The HTTP Interface code (db/dbwebserver.cpp) was never updated to work with SCRAM-style user documents, and thus is not compatible with the new user document format. However, the interface still works with 2.6-style user documents in a 3.0 database that have not yet been updated.

      Alternatively, we could deprecate support for the HTTP interface with auth enabled (or entirely) as it is a potential security risk.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              backlog-server-platform DO NOT USE - Backlog - Platform Team
              Reporter:
              amalia.hawkins@10gen.com Amalia Hawkins
              Participants:
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: