[SERVER-6746] Authentication should only occur over secure channels

Created: 09/Aug/12
Updated: 10/Dec/14
Resolved: 30/Apr/13

Status: Closed
Project: Core Server
Component/s: Replication, Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Mark porter
Assignee: Andy Schwerin
Resolution: Won't Fix
Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: All platforms

Issue Links:
Depends
is depended on by SERVER-4319 MongoDB Authentication related querie... Closed
Duplicate
is duplicated by SERVER-4320 MongoDB Session Management related qu... Closed
Related
Participants:

 Description   

Authentication should only occur over secure channels. Support for SSL/TLS communication should be added for authentication.

This form of authentication should include client certificate authentication for the purpose of mutually authenticating replication partners. Even with anti-replay nonce values and encrypted "keys", cleartext authentication will be vulnerable to man-in-the-middle attacks.



 Comments   
Comment by Andy Schwerin [ 30/Apr/13 ]

This seems like a best practices documentation issue, rather than a server improvement. Users may set up MongoDB on a secure virtual or physical network, or use SSL to secure the channel used to communicate among nodes and to clients. Is there a specific technical issue I'm missing here, Mark?
