[TOOLS-1020] mongodump/mongorestore shows clear password in the process list - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical - P2
Resolution: Won't Fix
Affects Version/s: 3.0.6
Fix Version/s: None
Component/s: mongodump
Labels:
None

Sprint:
Platforms 2017-03-27
Case:

Description

In 2.6, when you execute a mongodump/mongorestore with auth info, the password will not be displayed when you issue a "ps -ef" command to list the running process.

See attachment mongodump-output-2.6

In 3.0.6/3.2, however, the password will be displayed when doing "ps -ef" command.

See attachment mongodump-output-3.0

This would allow other users to be able to learn the mongodb password.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

mongodump-output-2.6.jpg
7 kB
Dec 16 2015 05:26:05 AM UTC
mongodump-output-3.0.jpg.png
53 kB
Dec 16 2015 05:28:43 AM UTC

Issue Links

related to

TOOLS-2447 Improve processlist output

Closed

Activity

People

Assignee:: Gabriel Russell (Inactive)

Reporter:: Jianfa Tang (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: Dec 16 2015 05:24:08 AM UTC

Updated:: Jan 05 2021 07:00:46 PM UTC

Resolved:: Mar 03 2017 10:08:14 PM UTC