[SERVER-3788] version of auth() that prompts for password so it is never displayed
Created: 08/Sep/11  Updated: 12/Nov/19  Resolved: 12/Nov/19

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: None
Fix Version/s: 4.3.1

Type: Improvement
Priority: Major - P3
Reporter: Mathias Stearn
Assignee: Shreyas Kalyan
Resolution: Done
Votes: 2
Labels: platforms-re-triaged
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Documented
is documented by DOCS-13218 Investigate changes in SERVER-3788: v... Closed
Duplicate
duplicates SERVER-3472 Add auth function that prompts for pa... Closed
is duplicated by SERVER-41724 allow db.auth command to prompt for p... Closed
Related
related to SERVER-24391 Prompt for password on user creation ... Closed
is related to SERVER-44008 Create User commands are not added to... Closed
is related to SERVER-36802 Don't omit db.auth() et al from shell... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2019-11-04, Security 2019-11-18
Participants:

 Description   

Proposed syntax:

> db.auth('username')
Enter password:

Uses askPassword()

Suggested by Dan C



 Comments   
Comment by Githook User [ 11/Nov/19 ]

Author: Shreyas Kalyan (shreyaskal) <shreyas.kalyan@mongodb.com>

Message: SERVER-3788 version of auth() that prompts for password so it is never displayed
Branch: master
https://github.com/mongodb/mongo/commit/d2b75b4e2a6d1e9db7cbb6120c34b0b44476828e

Comment by Kevin Pulo [ 22/Aug/18 ]

The passwordPrompt() shell js function recently added on SERVER-24391 means that this can just be done directly inside the js implementation of DB.prototype._authOrThrow(), in the case where there is 1 parameter that is either a string (username) or an object without a pwd field, i.e. redefining the API of this function to make supplying a password optional, with the shell prompting if it's absent.

It would also be great to do a similar thing in db.createUser(), db.updateUser(), and db.changeUserPassword() (and any other similar user-manipulation functions that take a password).
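
The argument handling described in the comment above, sketched as an added example; it is not code from the MongoDB shell or from the linked commit. `normalizeAuthArgs` and the injected `promptFn` are hypothetical names (in the shell, `promptFn` would be `passwordPrompt()`), and only the username/password forms of `db.auth()` are assumed.

```javascript
// Added illustration, not the mongo shell's source.
// normalizeAuthArgs and promptFn are hypothetical; promptFn stands in for the
// shell's passwordPrompt(), which reads a password without echoing it.
function normalizeAuthArgs(args, promptFn) {
  let params;
  if (args.length === 2 && typeof args[0] === "string") {
    // Existing form: db.auth(username, password). The password is typed on the
    // command line, so it is visible on screen and can land in shell history.
    params = { user: args[0], pwd: args[1] };
  } else if (args.length === 1 && typeof args[0] === "string") {
    // Proposed form: db.auth(username), password comes from the prompt.
    params = { user: args[0] };
  } else if (args.length === 1 && args[0] !== null && typeof args[0] === "object") {
    // Object form: copy it so the caller's object never receives the password.
    params = Object.assign({}, args[0]);
  } else {
    throw new Error("auth expects (username), (username, password) or ({user, pwd})");
  }
  if (typeof params.user !== "string" || params.user.length === 0) {
    throw new Error("auth requires a non-empty user name");
  }
  // Prompt only when the pwd field is absent; a supplied pwd is used as given.
  if (!Object.prototype.hasOwnProperty.call(params, "pwd")) {
    params.pwd = promptFn();
  }
  if (typeof params.pwd !== "string") {
    throw new Error("password must be a string");
  }
  return params;
}

// Constructed demo: a stub prompt replaces the interactive one.
const demoPrompt = () => "constructed-password";
const demo = normalizeAuthArgs([{ user: "alice", mechanism: "SCRAM-SHA-256" }], demoPrompt);
console.log(Object.keys(demo).join(","));
```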
