Project: Core Server

MongoDB Authentication related queries/issues


    Details

    • Type: Question
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Duplicate
    • Affects Version/s: 1.9.0
    • Fix Version/s: None
    • Component/s: Security
    • Labels: None
    • Environment: Windows/Linux/Freebsd

      Description

      1. Password hash values should be stored using a random salt and hashed using a strong hash such as SHA256.
      2. Hash values should not be sent over the network, even as part of a digest.
      3. Authentication requests should be protected against replay.
      4. Credential storage should be protected against access from all users except DBAs. This includes the actual database files that store the encrypted credentials.
      5. Ensure integrity of replicated data using either PKI or HMAC technology.
      6. Authentication should occur only over secure channels. Support for SSL/TLS communication should be added for authentication. This should include client certificate authentication for the purpose of mutually authenticating replication partners. Even with anti-replay nonce values and encrypted "keys", clear-text authentication will be vulnerable to man-in-the-middle attacks.
      7. Provisions for more granular levels of authorization should be added, including provisions for groups and roles for database users.
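The first three points (salted strong hash at rest, nothing hash-equivalent on the wire, one-time nonces against replay) are easiest to compare side by side in code. The block below is an added illustration written for this page; it is not MongoDB's code and not the authentication protocol the server shipped. It contrasts a constructed weak challenge-response, in which the stored unsalted MD5 is itself the credential, with a scheme modelled on SCRAM (RFC 5802) and simplified to a single server nonce. PBKDF2-SHA256, the iteration count, the in-memory nonce set and the sample passwords are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets

# ---- Weak challenge-response, constructed to illustrate points 1 and 2 ----
# The server stores an unsalted MD5 of the password and the client answers a
# nonce with md5(nonce + stored_hash). Because the stored hash is all the
# client needs, anyone who reads the credential store can log in (pass-the-hash),
# and two users with the same password get the same stored value.

def weak_store(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

def weak_client_response(nonce: str, stored_hash: str) -> str:
    return hashlib.md5((nonce + stored_hash).encode()).hexdigest()

def weak_server_verify(nonce: str, stored_hash: str, response: str) -> bool:
    return hmac.compare_digest(weak_client_response(nonce, stored_hash), response)

# ---- Stronger scheme, modelled on SCRAM (RFC 5802), simplified to a single
# server nonce; assumed here as a design that satisfies points 1 to 3 ----
ITERATIONS = 100_000  # PBKDF2 iteration count, an assumed value

def salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def client_key(salted: bytes) -> bytes:
    return hmac.new(salted, b"Client Key", hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def strong_store(password: str) -> dict:
    """Server-side record: random salt plus StoredKey = SHA256(ClientKey).
    ClientKey itself is never stored, so a stolen record is not a credential."""
    salt = os.urandom(16)
    ck = client_key(salted_password(password, salt, ITERATIONS))
    return {"salt": salt, "iterations": ITERATIONS,
            "stored_key": hashlib.sha256(ck).digest()}

def strong_client_proof(password: str, salt: bytes, iterations: int, nonce: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, nonce). The password-derived
    ClientKey is masked by a nonce-bound value, so no hash crosses the wire."""
    ck = client_key(salted_password(password, salt, iterations))
    sk = hashlib.sha256(ck).digest()
    return xor(ck, hmac.new(sk, nonce, hashlib.sha256).digest())

class StrongServer:
    def __init__(self, record: dict):
        self.record = record
        self.issued = set()  # outstanding one-time nonces (assumed in-memory store)

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, nonce: bytes, proof: bytes) -> bool:
        if nonce not in self.issued:
            return False  # never issued or already consumed: replay rejected
        self.issued.remove(nonce)
        sk = self.record["stored_key"]
        sig = hmac.new(sk, nonce, hashlib.sha256).digest()
        recovered_ck = xor(proof, sig)  # unmask, then check SHA256(ClientKey) == StoredKey
        return hmac.compare_digest(hashlib.sha256(recovered_ck).digest(), sk)

def demo(password: str = "correct horse battery staple") -> dict:
    """Runs both schemes on a constructed password and returns each outcome."""
    # Weak scheme: an attacker holding only the stored hash authenticates.
    stolen_hash = weak_store(password)
    nonce = "5e1f0a"
    weak_pth = weak_server_verify(nonce, stolen_hash, weak_client_response(nonce, stolen_hash))

    rec = strong_store(password)
    srv = StrongServer(rec)
    n1 = srv.challenge()
    proof = strong_client_proof(password, rec["salt"], rec["iterations"], n1)
    genuine = srv.verify(n1, proof)
    replayed = srv.verify(n1, proof)  # same nonce and proof a second time
    n2 = srv.challenge()
    wrong_pw = srv.verify(n2, strong_client_proof("hunter2", rec["salt"], rec["iterations"], n2))
    n3 = srv.challenge()
    stolen_record = srv.verify(n3, rec["stored_key"])  # attacker has the record, not the password
    return {"weak_pass_the_hash": weak_pth, "strong_genuine": genuine,
            "strong_replay": replayed, "strong_wrong_password": wrong_pw,
            "strong_stolen_record": stolen_record}

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The weak branch returns True for an attacker who only holds the stored hash, which is exactly the failure point 2 warns about; the SCRAM-style branch accepts one genuine proof, then rejects the same proof replayed, a wrong password, and a stolen server record. Point 6 still applies: without TLS an active attacker can relay the exchange, so this proof design is a complement to, not a substitute for, an authenticated channel.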

      • Votes: 0
      • Watchers: 7
