[SERVER-44008] Create User commands are not added to mongo shell history Created: 15/Oct/19 Updated: 27/Oct/23 Resolved: 16/Oct/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Oleg Pudeyev (Inactive) | Assignee: | Unassigned |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
|
| Operating System: | ALL |
| Participants: | |
| Description |
|
I just compiled the 4.2 server, and when I run commands against it from the 4.2 shell that fail, the failing commands are not added to the history buffer. Session log:
Despite my issuing a number of commands, the next available command in the history is serverStatus. |
| Comments |
| Comment by Kevin Pulo [ 22/Oct/19 ] |
| Comment by Eric Milkie [ 16/Oct/19 ] |
|
The blame for the line I linked shows that this was originally added in 2013, over 6 years ago. Even if well known security guidance was followed back then, security in general has greatly changed in the years since. Today, the highest security setups will not use passwords in the shell at all and instead will use an external authentication scheme. |
| Comment by Oleg Pudeyev (Inactive) [ 16/Oct/19 ] |
|
When I connect to a server with the mongo shell using a URI, the plain text password is stored in my shell history. It is also available through the environment variables to all other processes on the same machine. All applications connecting to MongoDB specify their passwords in plain text in the configuration files, or in the environment variables. This includes development, staging and production environments. Therefore, while I agree that there is a theoretical security benefit in omitting createUser commands from history, I would argue that in practice the passwords that are not written to mongo shell's history file are written to other files anyway, thus the security benefit is not practically realized. Is there well known security guidance that was followed when it was decided to completely omit createUser commands from history? As it is, there is a definite usability deficiency when a user uses this command, and it is not clear to me that the security benefit is meaningful. |
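The two positions in this thread (omit the credential-bearing command from history entirely, versus keep it recallable) can be compared on a small model of a shell history buffer. The following is an added example written for this page; it is not the mongo shell's history code and does not reproduce the line Eric Milkie linked. The set of helpers treated as sensitive (the ticket only names createUser; updateUser, changeUserPassword and auth are added here as an assumption), the regexes, and the sample session are all constructed for illustration.

```javascript
// Added example, not mongo shell code: two history policies for shell
// commands that carry credentials.
//
// Assumptions: the helpers below are the ones we choose to treat as
// sensitive; the page only mentions createUser. The regexes are a
// best-effort illustration, not a complete tokenizer.
const SENSITIVE_HELPERS = ["createUser", "updateUser", "changeUserPassword", "auth"];

// Matches db.createUser(, db.auth( etc. (a dot, the helper name, then "(")
const helperPattern = new RegExp(`\\.(?:${SENSITIVE_HELPERS.join("|")})\\s*\\(`);

// A connection string that embeds a password: mongodb://user:pass@host
const uriWithCredentials = /mongodb(?:\+srv)?:\/\/[^\/@\s]+:[^@\s]*@/;

// A JS string literal, double- or single-quoted, with backslash escapes.
const STR = `(?:"(?:[^"\\\\]|\\\\.)*"|'(?:[^'\\\\]|\\\\.)*')`;

// pwd: "..." inside a createUser/updateUser document
const pwdField = new RegExp(`(["']?pwd["']?\\s*:\\s*)${STR}`, "g");
// second string argument of db.auth("user", "pass") / changeUserPassword
const secondStringArg = new RegExp(
  `(\\.(?:auth|changeUserPassword)\\s*\\(\\s*${STR}\\s*,\\s*)${STR}`, "g");
// password component of a connection string
const uriPassword = /(mongodb(?:\+srv)?:\/\/[^:\/@\s]+:)[^@\s]+@/g;

function isSensitive(cmd) {
  return helperPattern.test(cmd) || uriWithCredentials.test(cmd);
}

// Replace every password value we can recognise with a placeholder, so the
// command stays recallable but the secret never reaches the history file.
function redactPassword(cmd) {
  return cmd
    .replace(pwdField, '$1"<redacted>"')
    .replace(secondStringArg, '$1"<redacted>"')
    .replace(uriPassword, "$1<redacted>@");
}

// Policy A (what the ticket describes): the whole command is dropped.
function historyOmit(history, cmd) {
  return isSensitive(cmd) ? history : history.concat(cmd);
}

// Policy B: the command is kept, with the password redacted.
function historyRedact(history, cmd) {
  return history.concat(isSensitive(cmd) ? redactPassword(cmd) : cmd);
}

// Feed a sequence of typed commands through a policy, starting from an
// empty history buffer, and return the resulting buffer.
function replaySession(commands, policy) {
  return commands.reduce((history, cmd) => policy(history, cmd), []);
}

// Constructed sample session (not from the ticket's missing session log).
const SAMPLE_SESSION = [
  "db.serverStatus()",
  'db.createUser({user: "alice", pwd: "s3cr3t", roles: ["readWrite"]})',
  'db.auth("alice", "s3cr3t")',
  "connect('mongodb://alice:s3cr3t@localhost:27017/admin')",
  'db.getSiblingDB("admin").runCommand({connectionStatus: 1})',
];

console.log("omit  :", replaySession(SAMPLE_SESSION, historyOmit));
console.log("redact:", replaySession(SAMPLE_SESSION, historyRedact));
```

Under the omit policy the buffer holds only serverStatus and the runCommand call, which is the usability gap the reporter describes; under the redact policy all five commands are recallable with the password values replaced. The caveat is that a regex redactor only catches the spellings it anticipates (a password held in a variable, an `@` inside a URI password, or an unusual key name slip through), so it reduces what the history file leaks but does nothing about the bash history and environment-variable exposure raised in the comment above.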
| Comment by Danny Hatcher (Inactive) [ 16/Oct/19 ] |
|
Closing as Works as Designed |
| Comment by Eric Milkie [ 15/Oct/19 ] |
|
It's not failing commands; it's the createUser() helper explicitly. Here's the code: |