Loading...

XML

Word

Printable

JSON

Type: Question
Resolution: Duplicate
Priority: Minor - P4
Fix Version/s: None
Affects Version/s: 2.6.3
Component/s: HTTP Console, Security
Labels:
None

Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

http://localhost:28017 access is possible without username/password when security is enabled (user exists in db). Shell access and host:28017 is not possible without user name password when security is enabled and user exists. Is this expected behavior ?

duplicates

SERVER-17379 HTTP interface's localhost exception check is too permissive

Closed

Assignee:: Unassigned
Reporter:: ananth
Participants:: ananth, Andreas Nilsson, Fanky, Ramon Fernandez Marina, Spencer Brody
Votes:: 0 Vote for this issue
Watchers:: 8 Start watching this issue

Created:: Mar 23 2015 06:13:07 AM UTC
Updated:: May 12 2015 05:30:46 PM UTC
Resolved:: May 12 2015 05:30:46 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates