[SERVER-3768] db.addUser() appears in shell history, with cleartext passwords Created: 06/Sep/11 Updated: 22/Aug/18 Resolved: 25/Feb/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Shell |
| Affects Version/s: | None |
| Fix Version/s: | 2.0.4, 2.1.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Aaron Staple | Assignee: | Mathias Stearn |
| Resolution: | Done | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Participants: | |||||||||
| Description |
|
See below - I can retrieve my addUser lines with the up arrow. Aaron-Staples-MacBook-Pro:mongo aaron$ ./mongo { |
| Comments |
| Comment by auto [ 05/Mar/12 ] |
|
Author: {u'login': u'erh', u'name': u'Eliot Horowitz', u'email': u'eliot@10gen.com'}Message: Dont add addUser lines to shell history Conflicts: shell/dbshell.cpp |
| Comment by auto [ 25/Feb/12 ] |
|
Author: {u'login': u'RedBeard0531', u'email': u'mathias@10gen.com', u'name': u'Mathias Stearn'}Message: Dont add addUser lines to shell history |
| Comment by Eliot Horowitz (Inactive) [ 06/Sep/11 ] |
|
should strip from history like .auth() |