[SERVER-5897] Backup with mongodump protecting the credentials Created: 22/May/12 Updated: 30/Mar/20 Resolved: 15/Sep/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.1.1 |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Critical - P2 |
| Reporter: | Carlos Astudillo B. | Assignee: | Unassigned |
| Resolution: | Incomplete | Votes: | 0 |
| Labels: | dump, mongodump, security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Windows and Linux (64 bits) |
||
| Issue Links: |
|
||||||||||||
| Participants: | |||||||||||||
| Description |
|
Security is very important in production deployment, let's see how do we execute a dump in mongoDB ./mongodump --host dbh85.test.com --db mydatabase --collection user -u username1 -p ultrasecretpass In this case we expose username and password, that's not good. we could have 2 problems if some intruder get this credencials: Data changes would be cover with read-only users, but I still have the data theft problem. mysql has a -defaults-extra-file option which is very useful for theses cases, for instance: mysqldump where protectedlogin.cnf contains the credentials encrypted. |
| Comments |
| Comment by Tim [ 04/Aug/14 ] |
|
I constantly keep typing "--authenticationDatabase admin -u joe -p" which is really verbose. I'm already using a workaround for automatic password input by using "< ~/.filewithpass" but this breaks usage of stdin for other purposes. It's really one of the most annoying things when working a lot with mongoimport, mongoexport, mongorestore etc. and it's in the way of secure automatic backups. It could be easily solved if the cli tools would support reading the credentials from a config file in the homedir of the user. The way like mysql tries to read ~/.my.cnf. This would improve convenience and security by not having to put the password on the command line ever. |
| Comment by Eliot Horowitz (Inactive) [ 15/Sep/12 ] |
|
Not sure if there is a possible improvement. |
| Comment by Eliot Horowitz (Inactive) [ 24/May/12 ] |
|
How is that different than the file with the username/password? |
| Comment by Carlos Astudillo B. [ 23/May/12 ] |
|
Actually, that is exactly the problem. The file that launches the db could be seen by an intruder. |
| Comment by Eliot Horowitz (Inactive) [ 22/May/12 ] |
|
If you do a ps, the password should be suppressed, so you shouldn't be able to get it without accessing the file that launches the db, which is the same as accessing a config file. Can you verify? |
| Comment by Carlos Astudillo B. [ 22/May/12 ] |
|
Exactly. Password I think is critical. What happen if i want to create an automatic dump process or export process in a BAT or SHELL?. Currently I have to expose the password to connect to the database. If an intruder see the password could be theft the data. |
| Comment by Eliot Horowitz (Inactive) [ 22/May/12 ] |
|
Not sure what you're referring to. |