[SERVER-5897] Backup with mongodump protecting the credentials Created: 22/May/12  Updated: 30/Mar/20  Resolved: 15/Sep/12

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.1.1
Fix Version/s: None

Type: New Feature
Priority: Critical - P2
Reporter: Carlos Astudillo B.
Assignee: Unassigned
Resolution: Incomplete
Votes: 0
Labels: dump, mongodump, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows and Linux (64 bits)


Issue Links:
Depends
Related
related to TOOLS-2447 Improve processlist output Closed

 Description   

Security is very important in production deployments. Let's see how we execute a dump in MongoDB:

./mongodump --host dbh85.test.com --db mydatabase --collection user -u username1 -p ultrasecretpass

In this case we expose the username and password; that's not good.

We could have 2 problems if some intruder gets these credentials:
* data changes
* data theft

Data changes would be covered with read-only users, but I still have the data theft problem.

mysql has a --defaults-extra-file option which is very useful for these cases, for instance:

mysqldump --defaults-extra-file=/home/daniel/protectedlogin.cnf --all-databases

where protectedlogin.cnf contains the credentials encrypted.



 Comments   
Comment by Tim [ 04/Aug/14 ]

I constantly keep typing "--authenticationDatabase admin -u joe -p" which is really verbose. I'm already using a workaround for automatic password input by using "< ~/.filewithpass" but this breaks usage of stdin for other purposes. It's really one of the most annoying things when working a lot with mongoimport, mongoexport, mongorestore etc. and it's in the way of secure automatic backups.

It could be easily solved if the cli tools would support reading the credentials from a config file in the homedir of the user, like the way mysql tries to read ~/.my.cnf. This would improve convenience and security by not having to put the password on the command line ever.
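
An added example, not part of the original issue or of MongoDB's tools: a small shell wrapper for the stdin workaround described in the comment above, which refuses to use a password file that other local users can read. The function names are hypothetical; `~/.filewithpass` and the `-u joe -p` invocation are taken from the comment.

```shell
#!/usr/bin/env bash
# Added example: feed a password to a prompting CLI tool on stdin, but only
# from a file that other local users cannot read.

# password_file_is_private FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits set (e.g. mode 0600).
password_file_is_private() {
    local file=$1 perms
    [ -f "$file" ] && [ ! -L "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    [ -O "$file" ] || { echo "not owned by current user: $file" >&2; return 1; }
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other can access $file ($perms)" >&2; return 1; }
}

# run_with_password_file FILE COMMAND [ARGS...]
# Runs COMMAND with FILE on stdin, so the password never appears in argv
# (and therefore not in ps output or shell history).
run_with_password_file() {
    local file=$1
    shift
    password_file_is_private "$file" || return 1
    "$@" < "$file"
}

# Use, mirroring the comment above (-p given without a value, password read from stdin):
#   run_with_password_file ~/.filewithpass mongodump --authenticationDatabase admin -u joe -p
```

The check covers classic permission bits only; ACLs and the permissions of parent directories are not inspected.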

Comment by Eliot Horowitz (Inactive) [ 15/Sep/12 ]

Not sure if there is a possible improvement.
If there are ideas, please let us know.

Comment by Eliot Horowitz (Inactive) [ 24/May/12 ]

How is that different than the file with the username/password?

Comment by Carlos Astudillo B. [ 23/May/12 ]

Actually, that is exactly the problem. The file that launches the db could be seen by an intruder.

Comment by Eliot Horowitz (Inactive) [ 22/May/12 ]

If you do a ps, the password should be suppressed, so you shouldn't be able to get it without accessing the file that launches the db, which is the same as accessing a config file.

Can you verify?

Comment by Carlos Astudillo B. [ 22/May/12 ]

Exactly. I think the password is critical.

What happens if I want to create an automatic dump process or export process in a BAT or SHELL? Currently I have to expose the password to connect to the database.

If an intruder sees the password, the data could be stolen.

Comment by Eliot Horowitz (Inactive) [ 22/May/12 ]

Not sure what you're referring to.
Is it that the username and password are in the command line? Or something else?
