[COMPASS-1269] Passwords Cached in Recent Connections Created: 19/Jun/17 Updated: 10/Jan/24 Resolved: 28/Oct/19 |
|
| Status: | Closed |
| Project: | Compass |
| Component/s: | Connectivity |
| Affects Version/s: | 1.7.1 |
| Fix Version/s: | 1.20.0 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Andrew Walsh | Assignee: | Unassigned |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Epic Link: | COMPASS-3570 | ||||||||
| Description |
|
See comments below. |
| Comments |
| Comment by Massimiliano Marcon [ 27/Sep/19 ] |
|
Closing this issue in JIRA. It's been moved to the new, unified feedback engine at https://feedback.mongodb.com/forums/924283-compass. We are looking for input to decide how to prioritize it, so go there, look for the suggestion, vote and leave comments. If you don't find it, feel free to create a new one. |
| Comment by Roger Meyer [ 14/May/19 ] |
|
The option NOT to save passwords is an (inconvenient) security requirement from our Company as well. But from a wider perspective, it would be beneficial, if this setting could be enabled / disabled by use of an underlaying policy if the below described is not feasible / applicable. In general storing the credential in the platform-specific, (Windows / Mac / Linux) credential store would be imho the best for convenience and security reasons. I.e. Windows operated Notebook, where the credentials are stored within the TPM-module. |
| Comment by Thomas Rueckstiess [ 19/Jun/17 ] |
|
I'm okay with not saving the passwords in the recent connections list, and prompt the user to type it again, if that's what we want to do. It's a trade-off between security and convenience, as always. sam.weaver, any thoughts? Note: For favorites, the behavior is a little different. You can leave the password blank before you save the favorite. In that case you need to re-type it. |
| Comment by Durran Jordan [ 19/Jun/17 ] |
|
Yes this is the expected behaviour. We could add a feature to enable/disable the recent connections altogether or tell them not to store the passwords, but would need to figure out how we would want that to work and prioritize it. |
| Comment by Andrew Walsh [ 19/Jun/17 ] |
|
Intercom conversation for context. |
| Comment by Andrew Walsh [ 19/Jun/17 ] |
|
This reported behavior may be tangential to the work being conducted in COMPASS-1173. |