Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.3.2
Affects Version/s: 2.2.0
Component/s: Security
Labels:
None
Environment:
RHEL 6.2

Backwards Compatibility:
Fully Compatible
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Usage of db.auth means a password (often admin) needs to be typed in clear text. However the authentication can be performed on connection to MongoDB so that no password is ever displayed in clear text.

If authentication without using db.auth() is the best practice for a MongoDB user, they should be able to enforce it by setting a configuration option which means that the db.auth() command cannot be used for authentication.

depends on

SERVER-7119 Add SASL config option(s)

Closed

Assignee:: Andy Schwerin
Reporter:: Simon Harvey
Participants:: Andy Schwerin, auto, Craig Wilson, Simon Harvey
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Nov 12 2012 01:01:03 PM UTC
Updated:: Oct 30 2015 02:44:56 PM UTC
Resolved:: Dec 05 2012 09:06:14 PM UTC
Confidence Status Last Update:: 03/Dec/12 9:14 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates