[DOCS-11415] Warning box for createUser encryption Created: 05/Mar/18  Updated: 30/Oct/23  Resolved: 08/Mar/18

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Improvement Priority: Critical - P2
Reporter: Davi Ottenheimer Assignee: Ravind Kumar (Inactive)
Resolution: Fixed Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 5 years, 48 weeks, 5 days ago
Story Points: 0.5

 Description   

We need a stronger warning about the use of encryption for createUser

https://docs.mongodb.com/manual/reference/command/createUser/#encryption

"WARNING: Please note that by default createUser sends a password in plaintext to MongoDB, which can compromise it on insecure networks. Use of SSL/TLS to protect the password in transit is strongly recommended. Many environments require encrypted communications for authentication."

There already is an "important" box and also a "warning" box above the Encryption section. Perhaps to avoid too many boxes competing for attention, we could we remove the "important" box (it says an error will be thrown, so users will be made aware of this by the error) and downgrade the "warning" box about usability to an "important" box, leaving only the new createUser "warning" box. It is very important we warn people to encrypt this password to avoid security breaches.



 Comments   
Comment by Githook User [ 09/Mar/18 ]

Author:

{'email': 'ravind.kumar@10gen.com', 'name': 'ravind', 'username': 'rkumar-mongo'}

Message: DOCS-11415: Use TLS to mitigate cleartext passwords
Branch: v3.2
https://github.com/mongodb/docs/commit/869fb6e6e53701912a7813efe27cbb69d864943e

Comment by Githook User [ 09/Mar/18 ]

Author:

{'email': 'ravind.kumar@10gen.com', 'name': 'ravind', 'username': 'rkumar-mongo'}

Message: DOCS-11415: Use TLS to mitigate cleartext passwords
Branch: v3.4
https://github.com/mongodb/docs/commit/4e26bcbc3fdf72a686baf3dc8df57fd515182739

Comment by Githook User [ 09/Mar/18 ]

Author:

{'email': 'ravind.kumar@10gen.com', 'name': 'ravind', 'username': 'rkumar-mongo'}

Message: DOCS-11415: Use TLS to mitigate cleartext passwords
Branch: master
https://github.com/mongodb/docs/commit/234a530b5fcb54cfa31446aa7043f391ece8cd28

Comment by Ravind Kumar (Inactive) [ 08/Mar/18 ]

PR Opened, waiting for merge.

Generated at Thu Feb 08 08:02:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.