Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Won't Fix
Priority: Minor - P4
Fix Version/s: None
Affects Version/s: None
Component/s: Shell
Labels:
- move-stm

Assigned Teams:

Server Tooling & Methods

Calls to db.auth(), db.addUser(), etc aren't added to shell history because this would cause any string literal password in the call to be stored in cleartext in the history file. However, if the password isn't specified as a string literal (eg. passwordPrompt() is called instead), or is omitted completely (if ~~SERVER-3788~~ is implemented), then the line is safe to add to history in these cases.

related to

SERVER-3768 db.addUser() appears in shell history, with cleartext passwords

Closed

SERVER-9939 createUser and updateUser commands aren't filtered from shell history, even though they may contain user's password

Closed

SERVER-5616 Any shell command containing the string ".auth" is not added to shell history

Closed

SERVER-24391 Prompt for password on user creation or password change via the shell

Closed

SERVER-581 don't store line in shell history if it has .auth in it

Closed

SERVER-3788 version of auth() that prompts for password so it is never displayed

Closed

(1 related to)

Assignee:: Backlog - Server Tooling and Methods (STM) (Inactive)

Reporter:: Kevin Pulo

Participants:: Backlog - Server Tooling and Methods (STM), Kevin Pulo, Robert Guo

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: Aug 22 2018 02:42:58 AM UTC

Updated:: Dec 06 2022 03:20:02 AM UTC

Resolved:: Dec 17 2020 07:28:29 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates