Minor - P4 If a plain -p or --password is passed to the mongo shell, it will interactively prompt the user for their password (which is entered without terminal echo). This is well-known to be more secure than providing the password on the command line (which can cause it to accidentally end up in the user's bash history file, or be visible during screen sharing, for example).
Currently the shell uses stdout for this "Enter password:" prompt, which causes it to be mixed in with the actual output, and if the output has been redirected, requires users to "blindly" type their password without a prompt.
Outputting the prompt to stderr, rather than to stdout, will fix this problem and bring the shell into line with user expectations (based on the common behaviour of other *nix utilities, including the other MongoDB command line tools (ie. mongodump et al, although they require that no -p option is passed)).
Currently:
$ mongo --quiet --eval 'db.adminCommand("connectionStatus")' admin -u user -p > output.txt
(I had to blindly type my password here)
$ cat output.txt
Enter password:
{
"authInfo" : {
"authenticatedUsers" : [
{
"user" : "user",
"db" : "admin"
}
],
"authenticatedUserRoles" : [
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
},
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
}
]
},
"ok" : 1
}
Desired/expected:
$ mongo --quiet --eval 'db.adminCommand("connectionStatus")' admin -u user -p > output.txt
Enter password:
$ cat output.txt
{
"authInfo" : {
"authenticatedUsers" : [
{
"user" : "user",
"db" : "admin"
}
],
"authenticatedUserRoles" : [
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
},
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
}
]
},
"ok" : 1
}