Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36802

Don't omit db.auth() et al from shell history if they don't contain string literal password

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Shell
    • Labels:

      Description

      Calls to db.auth(), db.addUser(), etc aren't added to shell history because this would cause any string literal password in the call to be stored in cleartext in the history file. However, if the password isn't specified as a string literal (eg. passwordPrompt() is called instead), or is omitted completely (if SERVER-3788 is implemented), then the line is safe to add to history in these cases.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              backlog-server-stm Backlog - Server Tooling and Methods (STM)
              Reporter:
              kevin.pulo Kevin Pulo
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: