Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-30997

mongo cli --password is masked, but not when using mongodb:// connection string

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: 3.4.7
    • Fix Version/s: 3.6.9, 4.0.3, 4.1.2
    • Component/s: Tools
    • Labels:
    • Environment:
      Linux

      Description

      When using the following:

      $ mongo --host 127.0.0.1 --user admin --password superSecret12345
      $ ps auxww | grep mongo
      $ mongo mongodb://admin:superSecret12345@127.0.0.1/
      $ ps auxww | grep mongo

      You see that --password value has been masked with "x" characters, so you don't easily expose the password to others. However, when connecting using the mongodb:// connection string, which is still waiting to be documented ( DOCS-9033 ) , the password is not masked.

      In the mongodb:// method as well, the password is also leaked into the stdout of the cli when it displays "connecting to: mongodb://admin:superSecret12345@127.0.0.1/"

      I believe these should be masked in the same way, so the password is never displayed in the running process cmdline or in the stdout line displayed saying it is connecting.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jonathan.reams Jonathan Reams
              Reporter:
              aqueen Aaron Queen
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: