[SERVER-36802] Don't omit db.auth() et al from shell history if they don't contain string literal password
| Created: | 22/Aug/18 | Updated: | 06/Dec/22 | Resolved: | 17/Dec/20 |
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Kevin Pulo | Assignee: | Backlog - Server Tooling and Methods (STM) (Inactive) |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | move-stm |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Assigned Teams: | Server Tooling & Methods |
| Participants: |
| Description |
|
Calls to db.auth(), db.addUser(), etc. aren't added to shell history because this would cause any string literal password in the call to be stored in cleartext in the history file. However, if the password isn't specified as a string literal (e.g. passwordPrompt() is called instead), or is omitted completely (if |
| Comments |
| Comment by Robert Guo (Inactive) [ 17/Dec/20 ] |
|
We will no longer be adding new features to the old mongo shell outside of a small number of exceptions. Please consider switching to the new shell, mongosh, for general use cases. If this ticket is desired for Server development, please reopen. |
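
The distinction the ticket description draws, between a call whose password is a string literal and one that uses passwordPrompt() or omits the password, can be expressed as a history filter. This is an added example, not code from the mongo shell or from this ticket; the function names are hypothetical, and the positional `(user, password)` and `{user, pwd}` call shapes plus the rule "any quote character in the password argument counts as a literal" are assumptions.

```javascript
// Added illustration, not MongoDB shell code; all function names are hypothetical.
// Only the helpers the ticket names are matched (it says "etc", so the real list is longer).
const SENSITIVE_CALL = /\.\s*(auth|addUser)\s*\(/g;

// Split the text after an opening bracket at `from` into top-level,
// comma-separated parts, stopping at the matching close bracket.
// Returns null when the call or a string inside it is unterminated.
function splitArgs(src, from) {
  const parts = [];
  let depth = 0, quote = null, start = from;
  for (let i = from; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      if (c === "\\") i++;                 // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === "`") quote = c;
    else if ("([{".includes(c)) depth++;
    else if (")]}".includes(c)) {
      if (depth === 0) return [...parts, src.slice(start, i).trim()];
      depth--;
    } else if (c === "," && depth === 0) {
      parts.push(src.slice(start, i).trim());
      start = i + 1;
    }
  }
  return null;
}

// Return the source text of the password argument ("" when it is omitted).
function passwordExpr(args) {
  if (!args[0].startsWith("{")) return args[1] || "";   // auth(user, pwd)
  const fields = splitArgs(args[0], 1);                  // auth({user: .., pwd: ..})
  if (fields === null) return null;
  const pwd = fields.find((f) => /^["']?pwd["']?\s*:/.test(f));
  return pwd ? pwd.slice(pwd.indexOf(":") + 1) : "";
}

// true = safe to append to the history file; false = keep it out.
function shouldSaveToHistory(line) {
  for (const m of line.matchAll(SENSITIVE_CALL)) {
    const args = splitArgs(line, m.index + m[0].length);
    if (args === null) return false;                     // cannot parse: fail closed
    const pwd = passwordExpr(args);
    if (pwd === null || /["'`]/.test(pwd)) return false; // literal in the password
  }
  return true;
}
```

A line that cannot be parsed is kept out of history, so a half-typed call with a literal password is never written to disk.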