[SERVER-31176] mongo shell should use stderr for password prompt Created: 20/Sep/17  Updated: 08/Jan/24  Resolved: 21/Sep/17

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: None
Fix Version/s: 3.2.18, 3.4.10, 3.6.0-rc0

Type: Improvement Priority: Minor - P4
Reporter: Kevin Pulo Assignee: Kevin Pulo
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Backwards Compatibility: Minor Change
Backport Requested:
v3.4, v3.2
Participants:

 Description   

If a plain -p or --password is passed to the mongo shell, it will interactively prompt the user for their password (which is entered without terminal echo). This is well-known to be more secure than providing the password on the command line (which can cause it to accidentally end up in the user's bash history file, or be visible during screen sharing, for example).

Currently the shell uses stdout for this "Enter password:" prompt, which causes it to be mixed in with the actual output, and if the output has been redirected, requires users to "blindly" type their password without a prompt.

Outputting the prompt to stderr, rather than to stdout, will fix this problem and bring the shell into line with user expectations (based on the common behaviour of other *nix utilities, including the other MongoDB command line tools (ie. mongodump et al, although they require that no -p option is passed)).

Currently:

$ mongo --quiet --eval 'db.adminCommand("connectionStatus")' admin -u user -p > output.txt
(I had to blindly type my password here)
$ cat output.txt
Enter password:
{
        "authInfo" : {
                "authenticatedUsers" : [
                        {
                                "user" : "user",
                                "db" : "admin"
                        }
                ],
                "authenticatedUserRoles" : [
                        {
                                "role" : "clusterAdmin",
                                "db" : "admin"
                        },
                        {
                                "role" : "readWriteAnyDatabase",
                                "db" : "admin"
                        },
                        {
                                "role" : "userAdminAnyDatabase",
                                "db" : "admin"
                        },
                        {
                                "role" : "dbAdminAnyDatabase",
                                "db" : "admin"
                        }
                ]
        },
        "ok" : 1
}

Desired/expected:

$ mongo --quiet --eval 'db.adminCommand("connectionStatus")' admin -u user -p > output.txt
Enter password:
$ cat output.txt
{
        "authInfo" : {
                "authenticatedUsers" : [
                        {
                                "user" : "user",
                                "db" : "admin"
                        }
                ],
                "authenticatedUserRoles" : [
                        {
                                "role" : "clusterAdmin",
                                "db" : "admin"
                        },
                        {
                                "role" : "readWriteAnyDatabase",
                                "db" : "admin"
                        },
                        {
                                "role" : "userAdminAnyDatabase",
                                "db" : "admin"
                        },
                        {
                                "role" : "dbAdminAnyDatabase",
                                "db" : "admin"
                        }
                ]
        },
        "ok" : 1
}



 Comments   
Comment by Githook User [ 04/Oct/17 ]

Author:

{'email': 'kevin.pulo@mongodb.com', 'name': 'Kevin Pulo', 'username': 'devkev'}

Message: SERVER-31176 Use stderr for interactive password prompts

(cherry picked from commit 48cdb7d69246339e097bf23ec0e6b9187a3f9221)
Branch: v3.2
https://github.com/mongodb/mongo/commit/0995b9e67328b0478a7b8407000a000ff8854ceb

Comment by Githook User [ 04/Oct/17 ]

Author:

{'email': 'kevin.pulo@mongodb.com', 'name': 'Kevin Pulo', 'username': 'devkev'}

Message: SERVER-31176 Use stderr for interactive password prompts

(cherry picked from commit 48cdb7d69246339e097bf23ec0e6b9187a3f9221)
Branch: v3.4
https://github.com/mongodb/mongo/commit/3dacffb42142b0255e1a0dbb99bb5d946a3ffb45

Comment by Githook User [ 21/Sep/17 ]

Author:

{'email': 'kevin.pulo@mongodb.com', 'name': 'Kevin Pulo', 'username': 'devkev'}

Message: SERVER-31176 Use stderr for interactive password prompts
Branch: master
https://github.com/mongodb/mongo/commit/48cdb7d69246339e097bf23ec0e6b9187a3f9221

Generated at Thu Feb 08 04:26:14 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.