Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17516

Add audit log messages for using incorrect auth mechanisms.

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0
    • Fix Version/s: features we're not sure of
    • Component/s: Security
    • Labels:
      None

      Description

      We should investigate whether we want to log to the audit log when a user attempts to authenticate with a nonexistent auth mechanism, for example:

      > db.auth({user:"amalia", pwd:"123456", mechanism:"fake"});

      This currently does not log to the audit log, and we may wish to change that behavior.

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-17507 MongoDB3 enterprise AuditLog

          • Major - P3 - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              backlog-server-security Backlog - Security Team
              Reporter:
              amalia.hawkins@10gen.com Amalia Hawkins
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated: