[SERVER-3768] db.addUser() appears in shell history, with cleartext passwords Created: 06/Sep/11  Updated: 22/Aug/18  Resolved: 25/Feb/12

Status: Closed
Project: Core Server
Component/s: Security, Shell
Affects Version/s: None
Fix Version/s: 2.0.4, 2.1.1

Type: Bug Priority: Major - P3
Reporter: Aaron Staple Assignee: Mathias Stearn
Resolution: Done Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-36802 Don't omit db.auth() et al from shell... Closed
Participants:

 Description   

See below - I can retrieve my addUser lines with the up arrow.

Aaron-Staples-MacBook-Pro:mongo aaron$ ./mongo
MongoDB shell version: 2.0.0-rc2-pre-
connecting to: test
> db.addUser( 'aaron', 'mypass' )

{ "n" : 0, "connectionId" : 2, "err" : null, "ok" : 1 }

{
"user" : "aaron",
"readOnly" : false,
"pwd" : "8c875bb39fcf051edc876c0ee71d5585",
"_id" : ObjectId("4e668f1dd04af0d2e2b8b83e")
}
> db.addUser( 'aaron', 'mypass' ) <<<-------- Got this one by pressing up arrow
{
"updatedExisting" : true,
"n" : 1,
"connectionId" : 2,
"err" : null,
"ok" : 1
}
{
"_id" : ObjectId("4e668f1dd04af0d2e2b8b83e"),
"user" : "aaron",
"readOnly" : false,
"pwd" : "8c875bb39fcf051edc876c0ee71d5585"
}
>
bye
Aaron-Staples-MacBook-Pro:mongo aaron$ ./mongo
MongoDB shell version: 2.0.0-rc2-pre-
connecting to: test
> db.addUser( 'aaron', 'mypass' ) <<<-------- Got this one by pressing up arrow
{
"updatedExisting" : true,
"n" : 1,
"connectionId" : 4,
"err" : null,
"ok" : 1
}
{
"_id" : ObjectId("4e668f1dd04af0d2e2b8b83e"),
"user" : "aaron",
"readOnly" : false,
"pwd" : "8c875bb39fcf051edc876c0ee71d5585"
}
>



 Comments   
Comment by auto [ 05/Mar/12 ]

Author:

{u'login': u'erh', u'name': u'Eliot Horowitz', u'email': u'eliot@10gen.com'}

Message: Dont add addUser lines to shell history SERVER-3768

Conflicts:

shell/dbshell.cpp
Branch: v2.0
https://github.com/mongodb/mongo/commit/446f597cf423d62df0b4a6c292b57da1f382649c

Comment by auto [ 25/Feb/12 ]

Author:

{u'login': u'RedBeard0531', u'email': u'mathias@10gen.com', u'name': u'Mathias Stearn'}

Message: Dont add addUser lines to shell history SERVER-3768
Branch: master
https://github.com/mongodb/mongo/commit/88db626c74fac3ee0321f4e28e1f54d15c355fec

Comment by Eliot Horowitz (Inactive) [ 06/Sep/11 ]

should strip from history like .auth()

Generated at Thu Feb 08 03:04:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.