[SERVER-4319] MongoDB Authentication related queries/issues Created: 18/Nov/11 Updated: 15/Aug/12 Resolved: 10/Aug/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 1.9.0 |
| Fix Version/s: | None |
| Type: | Question | Priority: | Major - P3 |
| Reporter: | Saurabh Dave | Assignee: | Mark porter |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Windows/Linux/Freebsd |
||
| Issue Links: |
|
||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||
| Description |
|
1. Password hash values should be stored using a random salt and hashed using a strong hash such as SHA256. |
| Comments |
| Comment by Mark porter [ 10/Aug/12 ] |
|
Ticket is duplicate of several others and has been linked accordingly. |
| Comment by Mark porter [ 09/Aug/12 ] |
|
@Andy
I'll mark this ticket as duplicate once I get the OK from Dan. |
| Comment by Mark porter [ 07/Aug/12 ] |
|
Hi Saurabh, 1. The plan is not to continue to with a local authentication schema, therefore, this makes this request redundant. 2. This is standard best-practice request and I believe that 3. Seems to be a generic request and best request. Have the Security team validated this? I will include this in 4. Credentials storage should be protected against access from all users except DBA's. This includes the actual database files that 5. I believe that the implementation of 6. 7. I am marking this ticket as a duplicate and linking to the afore-mentioned tickets as appropriate. Mark |
| Comment by Eliot Horowitz (Inactive) [ 20/Nov/11 ] |
|
Some of these things have proper tickets already. SSL for example |