Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31176

mongo shell should use stderr for password prompt

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.18, 3.4.10, 3.6.0-rc0
    • Component/s: Shell
    • Labels:
      None
    • Backwards Compatibility:
      Minor Change
    • Backport Requested:
      v3.4, v3.2

      Description

      If a plain -p or --password is passed to the mongo shell, it will interactively prompt the user for their password (which is entered without terminal echo). This is well-known to be more secure than providing the password on the command line (which can cause it to accidentally end up in the user's bash history file, or be visible during screen sharing, for example).

      Currently the shell uses stdout for this "Enter password:" prompt, which causes it to be mixed in with the actual output, and if the output has been redirected, requires users to "blindly" type their password without a prompt.

      Outputting the prompt to stderr, rather than to stdout, will fix this problem and bring the shell into line with user expectations (based on the common behaviour of other *nix utilities, including the other MongoDB command line tools (ie. mongodump et al, although they require that no -p option is passed)).

      Currently:

      $ mongo --quiet --eval 'db.adminCommand("connectionStatus")' admin -u user -p > output.txt
      (I had to blindly type my password here)
      $ cat output.txt
      Enter password:
      {
              "authInfo" : {
                      "authenticatedUsers" : [
                              {
                                      "user" : "user",
                                      "db" : "admin"
                              }
                      ],
                      "authenticatedUserRoles" : [
                              {
                                      "role" : "clusterAdmin",
                                      "db" : "admin"
                              },
                              {
                                      "role" : "readWriteAnyDatabase",
                                      "db" : "admin"
                              },
                              {
                                      "role" : "userAdminAnyDatabase",
                                      "db" : "admin"
                              },
                              {
                                      "role" : "dbAdminAnyDatabase",
                                      "db" : "admin"
                              }
                      ]
              },
              "ok" : 1
      }
      

      Desired/expected:

      $ mongo --quiet --eval 'db.adminCommand("connectionStatus")' admin -u user -p > output.txt
      Enter password:
      $ cat output.txt
      {
              "authInfo" : {
                      "authenticatedUsers" : [
                              {
                                      "user" : "user",
                                      "db" : "admin"
                              }
                      ],
                      "authenticatedUserRoles" : [
                              {
                                      "role" : "clusterAdmin",
                                      "db" : "admin"
                              },
                              {
                                      "role" : "readWriteAnyDatabase",
                                      "db" : "admin"
                              },
                              {
                                      "role" : "userAdminAnyDatabase",
                                      "db" : "admin"
                              },
                              {
                                      "role" : "dbAdminAnyDatabase",
                                      "db" : "admin"
                              }
                      ]
              },
              "ok" : 1
      }
      

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: