We are currently in a security audit, and our last understanding was that for administrative purposes, MongoDB did not provide a mechanism to provide a user/password that could be encrypted when sent over the wire. Basically the password was in the clear which is considered a security vulnerability.

I know MMS uses 128 bit SSL, however our admin application creates the Virtual Machines(Red Hat), and installs the MongoDB, build the shards and does whatever admin work is required to automatically install, configure and start the mongo database.

A former employee had reported that as of December 2012, there was no encryption of passwords available in MongoDB for these purposes. Is this correct?

Is there a facility in MongoDB, or in any of the drivers that enables you to login to MongoDB, with encryption of username and/or password? If not, is this feature scheduled for future releases and if so, when would they become available for testing.