Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-53770

mongo shell should prohibit port numbers in mongodb+srv connection strings

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Won't Do
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: 4.9.0
    • Component/s: Shell
    • Labels:
      None
    • Server Security
    • ALL
    • Hide 
      $ mongo mongodb+srv://catdev.jdx66.mongodb.net:27017
MongoDB shell version v4.9.0-alpha-622-gcb49f58
connecting to: mongodb://catdev-shard-00-00.jdx66.mongodb.net:27017,catdev-shard-00-01.jdx66.mongodb.net:27017,catdev-shard-00-02.jdx66.mongodb.net:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb&replicaSet=atlas-dp03gg-shard-0&ssl=true
      Show
      $ mongo mongodb+srv://catdev.jdx66.mongodb.net:27017 MongoDB shell version v4.9.0-alpha-622-gcb49f58 connecting to: mongodb://catdev-shard-00-00.jdx66.mongodb.net:27017,catdev-shard-00-01.jdx66.mongodb.net:27017,catdev-shard-00-02.jdx66.mongodb.net:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb&replicaSet=atlas-dp03gg-shard-0&ssl=true

      In PHPC-1730, a user noted that the mongo shell accepts a port number in a mongodb+srv connection string and asked why the same URI was rejected by the PHP driver. To quote the Initial DNS Seedlist Discovery spec:

      It is an error to specify a port in a connection string with the mongodb+srv protocol, and the driver MUST raise a parse error and MUST NOT do DNS resolution or contact hosts.

      I presume the mongo shell ignores the port, but it may be preferable to raise an error for the sake of consistency with drivers.

      Note: this only pertains to mongo and is not an issue for mongosh since that uses the Node.js driver (which should already comply with the spec).

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: