[SERVER-17686] Access to http interface when authentication is enabled - MongoDB Jira

XML

Word

Printable

Details

Type: Question
Status: Closed
Priority: Minor - P4
Resolution: Duplicate
Affects Version/s: 2.6.3
Fix Version/s: None
Component/s: HTTP Console, Security
Labels:
None

Description

http://localhost:28017 access is possible without username/password when security is enabled (user exists in db). Shell access and host:28017 is not possible without user name password when security is enabled and user exists. Is this expected behavior ?

Attachments

Issue Links

duplicates

SERVER-17379 HTTP interface's localhost exception check is too permissive

Closed

Activity

People

Assignee:: Unassigned

Reporter:: ananth

Participants:: ananth, Andreas Nilsson, Fanky, Ramon Fernandez Marina, Spencer Brody

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: Mar 23 2015 06:13:07 AM UTC

Updated:: May 12 2015 05:30:46 PM UTC

Resolved:: May 12 2015 05:30:46 PM UTC