[SERVER-17527] Add startupWarning if server started with --rest or --httpinterface and access control is enabled Created: 10/Mar/15 Updated: 26/Jan/16 Resolved: 08/Sep/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Usability |
| Affects Version/s: | None |
| Fix Version/s: | 3.1.8 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Robert Guo (Inactive) |
| Resolution: | Done | Votes: | 3 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||
| Sprint: | Security 9 (09/18/15) | ||||||||||||||||
| Participants: | |||||||||||||||||
| Description |
|
The http interface doesn't work with SCRAM-SHA-1 user documents and is generally considered insecure. In our documentation we advise any users concerned with the security of their deployment to disable the http interface. We should add a startWarning so users will see in their logs and in MMS if they are running with this type of configuration. |
| Comments |
| Comment by Githook User [ 26/Jan/16 ] |
|
Author: {u'username': u'guoyr', u'name': u'Robert Guo', u'email': u'robert.guo@10gen.com'}Message: Revert " This reverts commit a01f882735e7655cfb1572ec8c6710f296caf4be. |
| Comment by Githook User [ 26/Jan/16 ] |
|
Author: {u'username': u'guoyr', u'name': u'Robert Guo', u'email': u'robert.guo@10gen.com'}Message: (cherry picked from commit 7a615393f4ce1fee83767ab161cdbc6a6ed1fdef) |
| Comment by Githook User [ 08/Sep/15 ] |
|
Author: {u'username': u'guoyr', u'name': u'Robert Guo', u'email': u'robert.guo@10gen.com'}Message: |