Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Won't Fix
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Replication, Security
Labels:
None
Environment:
All platforms

Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Authentication should only occur over secure channels. Support for SSL/TLS communication should be added for authentication.

This form of authentication should include client certificate authentication for the purpose of mutually authenticating replication partners. Even with anti-replay nonce values and encrypted "keys" clear text authentication will be vulnerable to man-in-the middle attacks.

is depended on by

SERVER-4319 MongoDB Authentication related queries/issues

Closed

is duplicated by

SERVER-4320 MongoDB Session Management related queries/question

Closed

Assignee:: Andy Schwerin
Reporter:: Mark porter
Participants:: Andy Schwerin, Mark porter
Votes:: 1 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Aug 09 2012 08:38:51 PM UTC
Updated:: Dec 10 2014 11:14:36 PM UTC
Resolved:: Apr 30 2013 02:43:33 PM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates