Loading...

XML

Word

Printable

JSON

Details

Type: Improvement
Resolution: Won't Fix
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Replication, Security
Labels:
None
Environment:
All platforms

Description

Authentication should only occur over secure channels. Support for SSL/TLS communication should be added for authentication.

This form of authentication should include client certificate authentication for the purpose of mutually authenticating replication partners. Even with anti-replay nonce values and encrypted "keys" clear text authentication will be vulnerable to man-in-the middle attacks.

Attachments

Issue Links

is depended on by

SERVER-4319 MongoDB Authentication related queries/issues

Closed

is duplicated by

SERVER-4320 MongoDB Session Management related queries/question

Closed

Activity

People

Assignee:: Andy Schwerin

Reporter:: Mark porter

Participants:: Andy Schwerin, Mark porter

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: Aug 09 2012 08:38:51 PM UTC

Updated:: Dec 10 2014 11:14:36 PM UTC

Resolved:: Apr 30 2013 02:43:33 PM UTC