[SERVER-13427] Shell should verify that user password is a string during user creation Created: 31/Mar/14  Updated: 24/Sep/14  Resolved: 03/Apr/14

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: 2.4.9, 2.6.0-rc2
Fix Version/s: 2.7.0

Type: Improvement Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Tested
Backwards Compatibility: Minor Change
Participants:

 Description   

If the shell blindly accepts the password without checking the type, it will pass it into the md5 function which will coerce the password into a string. This could make it impossible to authenticate later if you are using an authentication mechanism where the password is digested server-side.



 Comments   
Comment by Githook User [ 03/Apr/14 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}

Message: SERVER-13427 Make sure password is a string when creating users in the shell
Branch: master
https://github.com/mongodb/mongo/commit/30a93a1016c2dc550ab3de3e5bf0e8155209645f

Generated at Thu Feb 08 03:31:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.