[SERVER-17390] HTTP Interface does not work with SCRAM User Documents Created: 26/Feb/15 Updated: 14/Jul/17 Resolved: 14/Jul/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 3.0.0-rc11 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Amalia Hawkins | Assignee: | DO NOT USE - Backlog - Platform Team |
| Resolution: | Done | Votes: | 3 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||
| Operating System: | ALL | ||||||||||||||||
| Steps To Reproduce: | 1. Run a 3.0 server with --auth and --httpinterface both enabled, no user documents present. |
||||||||||||||||
| Participants: | |||||||||||||||||
| Description |
|
The HTTP Interface code (db/dbwebserver.cpp) was never updated to work with SCRAM-style user documents, and thus is not compatible with the new user document format. However, the interface still works with 2.6-style user documents in a 3.0 database that have not yet been updated. Alternatively, we could deprecate support for the HTTP interface with auth enabled (or entirely) as it is a potential security risk. |