[SERVER-27655] Redact echoed mongo shell URIs Created: 12/Jan/17  Updated: 04/Sep/19  Resolved: 04/Sep/19

Status: Closed
Project: Core Server
Component/s: Security, Shell
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Spencer Jackson Assignee: Adam Cooper (Inactive)
Resolution: Duplicate Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by SERVER-35212 URI connection does not default to ad... Closed
Related
Sprint: Security 2019-08-26, Security 2019-09-09
Participants:

 Description   

By default, when you run the shell with a URI, it will echo the URI to the output. This URI will sometimes include passwords. It can be suppressed by running the shell with `--quiet`, but this will also suppress the server's startup warnings. This output could be redacted.

Example:

% ./mongo --quiet mongodb://admin:admin@localhost
MongoDB Enterprise > ^C
% ./mongo mongodb://admin:admin@localhost
MongoDB shell version v3.5.1-62-g2962b34c53
connecting to: mongodb://admin:admin@localhost
MongoDB server version: 3.5.1-184-g3b5e142701
Server has startup warnings:
2017-01-12T11:06:36.220-0500 I STORAGE  [initandlisten]
2017-01-12T11:06:36.220-0500 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2017-01-12T11:06:36.220-0500 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2017-01-12T11:06:36.543-0500 I CONTROL  [initandlisten]
2017-01-12T11:06:36.543-0500 I CONTROL  [initandlisten] ** NOTE: This is a development version (3.5.1-184-g3b5e142701) of MongoDB.
2017-01-12T11:06:36.543-0500 I CONTROL  [initandlisten] **       Not recommended for production.
2017-01-12T11:06:36.543-0500 I CONTROL  [initandlisten]
2017-01-12T11:06:36.543-0500 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-01-12T11:06:36.543-0500 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2017-01-12T11:06:36.544-0500 I CONTROL  [initandlisten]
2017-01-12T11:06:36.545-0500 I CONTROL  [initandlisten]
2017-01-12T11:06:36.545-0500 I CONTROL  [initandlisten] ** WARNING: You are running on a NUMA machine.
2017-01-12T11:06:36.545-0500 I CONTROL  [initandlisten] **          We suggest launching mongod like this to avoid performance problems:
2017-01-12T11:06:36.545-0500 I CONTROL  [initandlisten] **              numactl --interleave=all mongod [other options]
2017-01-12T11:06:36.546-0500 I CONTROL  [initandlisten]
2017-01-12T11:06:36.546-0500 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-01-12T11:06:36.546-0500 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-01-12T11:06:36.546-0500 I CONTROL  [initandlisten]
MongoDB Enterprise >
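
One way to do the redaction the description asks for, as an added example (not code from the MongoDB project or from the reporter): it masks only the password in the userinfo part of the URI, so the "connecting to:" line and the startup warnings can both stay visible. The function names and the `<redacted>` mask are assumptions, and handling `mongodb+srv://` goes beyond the `mongodb://` case shown in the session above.

```javascript
// Added example; function names and MASK are hypothetical, not MongoDB's.
const MASK = "<redacted>";

// Mask the password of one MongoDB connection string, leaving user, hosts,
// database and options intact so the output is still useful for debugging.
function redactMongoUri(uri) {
  // Split into scheme, everything before the first '?', and the options.
  const m = /^(mongodb(?:\+srv)?:\/\/)([^?]*)(.*)$/s.exec(uri);
  if (!m) return uri; // not a MongoDB URI: leave untouched
  const [, scheme, beforeQuery, query] = m;

  // Use the LAST '@' before the options as the end of the credentials. A
  // password with an unescaped '@' or '/' is then still masked in full; the
  // cost is that a database name containing '@' may be over-redacted.
  const at = beforeQuery.lastIndexOf("@");
  if (at === -1) return uri; // no credentials present
  const userinfo = beforeQuery.slice(0, at);

  // The username ends at the first ':'; everything after it is the password.
  const colon = userinfo.indexOf(":");
  if (colon === -1) return uri; // username only, nothing to mask
  return scheme + userinfo.slice(0, colon + 1) + MASK +
         beforeQuery.slice(at) + query;
}

// Mask every MongoDB URI found in one line of shell or log output.
function redactLine(line) {
  return line.replace(/mongodb(?:\+srv)?:\/\/\S+/g, (uri) => redactMongoUri(uri));
}

// First line is the echo from the session above; the rest are constructed.
const samples = [
  "connecting to: mongodb://admin:admin@localhost",
  "connecting to: mongodb+srv://app:p@ss/w0rd@cluster.example.net/test?retryWrites=true",
  "connecting to: mongodb://localhost:27017/test",
];
for (const s of samples) console.log(redactLine(s));
```
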



 Comments   
Comment by Ian Whalen (Inactive) [ 08/Aug/19 ]

sara to figure out where this should be assigned/handled.
