[SERVER-41152] A space in the authenticationMechanisms string should produce at least a warning message - MongoDB

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor - P4
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.2.0-rc4, 4.0.12, 4.3.1
Component/s: Logging, Security
Labels:
- neweng

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.2, v4.0
Epic Link:
Security FY2020Q3 Quick Wins
Sprint:
Security 2019-06-03, Security 2019-06-17, Security 2019-07-01
Case:

Description

The security.authenticationMechanisms parameter (as documented here) requires that "If you specify multiple values, use a comma-separated list and no spaces."

If you put a space like for example:

authenticationMechanisms: "SCRAM-SHA-256, GSSAPI"

SCRAM-SHA-256 will be enabled and GSSAPI not in a silent way. This can trick users and who needs to troubleshoot this.

It would be nice to have a warning message that warns you that you have a space in the authenticationMechanisms parameter string and all the auth mechanisms specified may have not been enabled because of that.

Attachments

Activity

People

Assignee:: Jason Piao (Inactive)

Reporter:: Emilio Scalise

Participants:: Emilio Scalise, Githook User, Jason Piao

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: May 15 2019 08:52:46 AM UTC

Updated:: Aug 26 2019 07:03:06 PM UTC

Resolved:: Jun 20 2019 02:27:40 PM UTC