  1. Core Server
  2. SERVER-5985

It sounds like a loophole in MongoDB Shard Authentication


Details

    • Question
    • Resolution: Duplicate
    • Critical - P2
    • None
    • 2.0.5
    • Security, Stability
    • None
    • Centos 5.8, MongoDB 2.0.5, php 5.3.11, php mongo driver 1.3 and rockmongo v1.1.1;

    Description

      I use 2 servers to set up MongoDB.

      Server A:
      rs_a/shardserv 27001,shardserv 27002,Arbiter 27003
      rs_b/shardserv 29001,shardserv 29002,Arbiter 29003
      configserv 31001,configserv 31002,configserv 31003

      Server B:
      mongos 27017
      + Rockmongo

      As usual, I use Rockmongo to connect to the MongoDB cluster. I have created a database with 1 normal user and 1 read-only user. When I first connect to the MongoDB cluster, it is normal and correct: it shows just 1 database. However, when I click on the database (refresh) a lot of times, it suddenly lists all the databases, including admin, and worst of all, you can add an admin user.

      Is anything wrong? Is it a bug or a setup problem?

          People

            spencer@mongodb.com Spencer Brody (Inactive)
            chenlin@jobstreet.com swordsman