Provide configuration option to disable usage of db.auth()

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Done
    • Priority: Major - P3
    • 2.3.2
    • Affects Version/s: 2.2.0
    • Component/s: Security
    • None
    • Environment:
      RHEL 6.2
    • Fully Compatible
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None

      Usage of db.auth means a password (often admin) needs to be typed in clear text. However the authentication can be performed on connection to MongoDB so that no password is ever displayed in clear text.

      If authentication without using db.auth() is the best practice for a MongoDB user, they should be able to enforce it by setting a configuration option which means that the db.auth() command cannot be used for authentication.

            Assignee:
            Andy Schwerin
            Reporter:
            Simon Harvey
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: