[COMPASS-1269] Passwords Cached in Recent Connections Created: 19/Jun/17  Updated: 10/Jan/24  Resolved: 28/Oct/19

Status: Closed
Project: Compass
Component/s: Connectivity
Affects Version/s: 1.7.1
Fix Version/s: 1.20.0

Type: New Feature Priority: Major - P3
Reporter: Andrew Walsh Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to COMPASS-2556 As an enterprise Compass user, I want... Closed
Epic Link: COMPASS-3570

 Description   

See comments below.



 Comments   
Comment by Massimiliano Marcon [ 27/Sep/19 ]

Closing this issue in JIRA. It's been moved to the new, unified feedback engine at https://feedback.mongodb.com/forums/924283-compass.

We are looking for input to decide how to prioritize it, so go there, look for the suggestion, vote and leave comments. If you don't find it, feel free to create a new one.

Comment by Roger Meyer [ 14/May/19 ]

The option NOT to save passwords is an (inconvenient) security requirement from our Company as well. But from a wider perspective, it would be beneficial, if this setting could be enabled / disabled by use of an underlaying policy if the below described is not feasible / applicable.

In general storing the credential in the platform-specific, (Windows / Mac / Linux) credential store would be imho the best for convenience and security reasons. I.e. Windows operated Notebook, where the credentials are stored within the TPM-module.

Comment by Thomas Rueckstiess [ 19/Jun/17 ]

I'm okay with not saving the passwords in the recent connections list, and prompt the user to type it again, if that's what we want to do.

It's a trade-off between security and convenience, as always. sam.weaver, any thoughts?

Note: For favorites, the behavior is a little different. You can leave the password blank before you save the favorite. In that case you need to re-type it.

Comment by Durran Jordan [ 19/Jun/17 ]

Yes this is the expected behaviour. We could add a feature to enable/disable the recent connections altogether or tell them not to store the passwords, but would need to figure out how we would want that to work and prioritize it.

Comment by Andrew Walsh [ 19/Jun/17 ]

Intercom conversation for context.

Comment by Andrew Walsh [ 19/Jun/17 ]

This reported behavior may be tangential to the work being conducted in COMPASS-1173.

Generated at Wed Feb 07 22:27:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.