Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-7626

Provide configuration option to disable usage of db.auth()

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 2.3.2
    • 2.2.0
    • Security
    • None
    • RHEL 6.2
    • Fully Compatible

    Description

      Usage of db.auth means a password (often admin) needs to be typed in clear text. However the authentication can be performed on connection to MongoDB so that no password is ever displayed in clear text.

      If authentication without using db.auth() is the best practice for a MongoDB user, they should be able to enforce it by setting a configuration option which means that the db.auth() command cannot be used for authentication.

      Attachments

        Activity

          People

            schwerin@mongodb.com Andy Schwerin
            simon.harvey@citi.com Simon Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: