Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-4601

The mongo console requires authentication even if mongod is not started with --auth

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.2
    • Fix Version/s: None
    • Component/s: HTTP Console
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL

      Description

      To reproduce:

      Start up mongod with no flags

      In a local mongo JS shell remove any user credentials from all dbs, including admin

      > use admin
      > db.system.users.remove()

      With another computer on the network (or a VM) open a browser and go to the mongo console of the machine that is running mongod

      http://x.x.x.x:28017/

      You should be able to access the console.

      Now, clear the browser history and close the browser in the second computer or VM

      In the JS console of the machine running mongod, create a new user in the admin database.

      > use admin
      > db.addUser("admin","adminpword")

      Go back to the second computer or VM, and try to access the console. Notice that an "authentication" window pops up.

      The HTTP interface documentation states that, "If security is configured for a mongod instance, authentication is required for a client to access the http interface from another machine."

      http://www.mongodb.org/display/DOCS/Http+Interface#HttpInterface-HTTPConsoleSecurity

      If this behavior is by design, the documentation should be changed to reflect that authentication will be required even if mongod is not started with the --auth flag.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              backlog-server-platform DO NOT USE - Backlog - Platform Team
              Reporter:
              barrie Barrie Segal
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: