Provide configuration option to disable usage of db.auth()

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Done
    • Priority: Major - P3
    • 2.3.2
    • Affects Version/s: 2.2.0
    • Component/s: Security
    • None
    • Environment:
      RHEL 6.2
    • Fully Compatible
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Usage of db.auth means a password (often admin) needs to be typed in clear text. However the authentication can be performed on connection to MongoDB so that no password is ever displayed in clear text.

      If authentication without using db.auth() is the best practice for a MongoDB user, they should be able to enforce it by setting a configuration option which means that the db.auth() command cannot be used for authentication.

              Assignee:
              Andy Schwerin
              Reporter:
              Simon Harvey
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: