[SERVER-53770] mongo shell should prohibit port numbers in mongodb+srv connection strings Created: 14/Jan/21  Updated: 06/Dec/22  Resolved: 19/Jan/21

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: 4.9.0
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Jeremy Mikola Assignee: Backlog - Security Team
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to PHPC-1730 Connection string with "mongodb+srv" ... Closed
Assigned Teams:
Server Security
Operating System: ALL
Steps To Reproduce:

$ mongo mongodb+srv://catdev.jdx66.mongodb.net:27017
MongoDB shell version v4.9.0-alpha-622-gcb49f58
connecting to: mongodb://catdev-shard-00-00.jdx66.mongodb.net:27017,catdev-shard-00-01.jdx66.mongodb.net:27017,catdev-shard-00-02.jdx66.mongodb.net:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb&replicaSet=atlas-dp03gg-shard-0&ssl=true

Participants:

 Description   

In PHPC-1730, a user noted that the mongo shell accepts a port number in a mongodb+srv connection string and asked why the same URI was rejected by the PHP driver. To quote the Initial DNS Seedlist Discovery spec:

It is an error to specify a port in a connection string with the mongodb+srv protocol, and the driver MUST raise a parse error and MUST NOT do DNS resolution or contact hosts.

I presume the mongo shell ignores the port, but it may be preferable to raise an error for the sake of consistency with drivers.

Note: this only pertains to mongo and is not an issue for mongosh since that uses the Node.js driver (which should already comply with the spec).



 Comments   
Comment by Edwin Zhou [ 14/Jan/21 ]

Given that this already exists for mongosh, it doesn't appear to me as a needed fix. I will assign it to security for their input.

Generated at Thu Feb 08 05:31:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.