[SERVER-10855] Add a way to specify in createUser and updateUser commands whether the server should hash the password or the driver already has
Created: 23/Sep/13  Updated: 02/Aug/18  Resolved: 23/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Task
Priority: Major - P3
Reporter: Spencer Brody (Inactive)
Assignee: Spencer Brody (Inactive)
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-7363 Allow users to set specify a password... Open
is depended on by DRIVERS-103 Manipulate user objects exclusively v... Closed
is depended on by JAVA-909 Update user manipulation helpers to u... Closed
Duplicate
is duplicated by SERVER-10648 createUser and updateUser commands sh... Closed
Backwards Compatibility: Minor Change
Participants:

 Description   

For password policy enforcement the server needs to receive the password in plain text.
Users without SSL, however, probably want a way to continue the existing behavior of hashing the password in the client before sending it over the wire.

Need to also figure out what the default should be, what the right interface to control this in the drivers is, etc.



 Comments   
Comment by auto [ 23/Oct/13 ]

Author: Spencer T Brody (stbrody) <spencer@10gen.com>
Message: SERVER-10855 Add option to let client hash user's password.
Branch: master
https://github.com/mongodb/mongo/commit/a9eb91679a5df939c8fbe0fb5737588ee0f758a1
