Core Server
  1. Core Server
  2. SERVER-3768

db.addUser() appears in shell history, with cleartext passwords

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Major - P3 Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.4, 2.1.1
    • Component/s: Security, Shell
    • Labels:
      None
    • Backport:
      Done
    • # Replies:
      3
    • Last comment by Customer:
      false

      Description

      See below - I can retrieve my addUser lines with the up arrow.

      Aaron-Staples-MacBook-Pro:mongo aaron$ ./mongo
      MongoDB shell version: 2.0.0-rc2-pre-
      connecting to: test
      > db.addUser( 'aaron', 'mypass' )

      { "n" : 0, "connectionId" : 2, "err" : null, "ok" : 1 } { "user" : "aaron", "readOnly" : false, "pwd" : "8c875bb39fcf051edc876c0ee71d5585", "_id" : ObjectId("4e668f1dd04af0d2e2b8b83e") }

      > db.addUser( 'aaron', 'mypass' ) <<<-------- Got this one by pressing up arrow

      { "updatedExisting" : true, "n" : 1, "connectionId" : 2, "err" : null, "ok" : 1 } { "_id" : ObjectId("4e668f1dd04af0d2e2b8b83e"), "user" : "aaron", "readOnly" : false, "pwd" : "8c875bb39fcf051edc876c0ee71d5585" }

      >
      bye
      Aaron-Staples-MacBook-Pro:mongo aaron$ ./mongo
      MongoDB shell version: 2.0.0-rc2-pre-
      connecting to: test
      > db.addUser( 'aaron', 'mypass' ) <<<-------- Got this one by pressing up arrow

      { "updatedExisting" : true, "n" : 1, "connectionId" : 4, "err" : null, "ok" : 1 } { "_id" : ObjectId("4e668f1dd04af0d2e2b8b83e"), "user" : "aaron", "readOnly" : false, "pwd" : "8c875bb39fcf051edc876c0ee71d5585" }

      >

        Activity

        Hide
        Eliot Horowitz
        added a comment -

        should strip from history like .auth()

        Show
        Eliot Horowitz
        added a comment - should strip from history like .auth()
        Hide
        auto
        added a comment -

        Author:

        {u'login': u'RedBeard0531', u'email': u'mathias@10gen.com', u'name': u'Mathias Stearn'}

        Message: Dont add addUser lines to shell history SERVER-3768
        Branch: master
        https://github.com/mongodb/mongo/commit/88db626c74fac3ee0321f4e28e1f54d15c355fec

        Show
        auto
        added a comment - Author: {u'login': u'RedBeard0531', u'email': u'mathias@10gen.com', u'name': u'Mathias Stearn'} Message: Dont add addUser lines to shell history SERVER-3768 Branch: master https://github.com/mongodb/mongo/commit/88db626c74fac3ee0321f4e28e1f54d15c355fec
        Hide
        auto
        added a comment -

        Author:

        {u'login': u'erh', u'name': u'Eliot Horowitz', u'email': u'eliot@10gen.com'}

        Message: Dont add addUser lines to shell history SERVER-3768

        Conflicts:

        shell/dbshell.cpp
        Branch: v2.0
        https://github.com/mongodb/mongo/commit/446f597cf423d62df0b4a6c292b57da1f382649c

        Show
        auto
        added a comment - Author: {u'login': u'erh', u'name': u'Eliot Horowitz', u'email': u'eliot@10gen.com'} Message: Dont add addUser lines to shell history SERVER-3768 Conflicts: shell/dbshell.cpp Branch: v2.0 https://github.com/mongodb/mongo/commit/446f597cf423d62df0b4a6c292b57da1f382649c

          People

          • Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since reply:
              2 years, 6 weeks, 3 days ago
              Date of 1st Reply: