Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.1.8
Affects Version/s: None
Component/s: Security, Usability
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 9 (09/18/15)
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

The http interface doesn't work with SCRAM-SHA-1 user documents and is generally considered insecure. In our documentation we advise any users concerned with the security of their deployment to disable the http interface. We should add a startWarning so users will see in their logs and in MMS if they are running with this type of configuration.

is related to

SERVER-17512 Unable to authenticate with web console with SCRAM-SHA-1

Closed

related to

SERVER-17390 HTTP Interface does not work with SCRAM User Documents

Closed

SERVER-21348 'compatability' typo in web-server start-up warning

Closed

Assignee:: Robert Guo (Inactive)
Reporter:: Spencer Brody (Inactive)
Participants:: Githook User, Robert Guo, Spencer Brody
Votes:: 3 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Mar 10 2015 06:56:45 PM UTC
Updated:: Jan 26 2016 10:35:17 PM UTC
Resolved:: Sep 08 2015 05:01:53 PM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates