[SERVER-6898] Allow all authenticated users to run listDatabases Created: 30/Aug/12 Updated: 06/Jun/18 Resolved: 06/Dec/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.7.1 |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Jozef Dobos | Assignee: | Sara Golemon |
| Resolution: | Done | Votes: | 2 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||
| Description |
|
EDITED Mar 5 2015
====================== This is currently not possible. The user needs to either know the DB name to connect to upfront, or connect as admin for show dbs to work. 3drepo.org has a use case for this. This is related to: MySQL and others will happily list dbs to any user. |
| Comments |
| Comment by Githook User [ 06/Dec/17 ] |
|
Author: {'username': 'sgolemon', 'email': 'sara.golemon@mongodb.com', 'name': 'Sara Golemon'}Message: |
| Comment by David Erickson [ 02/Mar/15 ] |
|
I agree with Doug. A user should be able to discover the databases they have read roles for. As sometimes database names are programmatically created based on time buckets, subjects, etc and can't be known ahead of time. Clearly a full listing could be a security issue in a multi-tenanted environment, so redacting the info you don't have access to seems important. |
| Comment by Doug Moran [ 30/Jan/14 ] |
|
+1 - I just voted for this one although I want the user to have to authenticate and get a list of only the databases that they have access to. A separate API call would be fine so as not to hurt backward compatibility. A server flag to turn on this new behavior would also be acceptable. At Pentaho, we like allow our users to select from a list of databases and collections that they have permission to. We do this in both our reporting tool and ETL tool. Reporting users, especially self service reporting users, are used to being able to select databases, tables etc from a graphical UI. We find pick lists a much more satisfying experience than typing into a text box. As app developers add more and more data to MongoDB and lock it down by user and role, they don't want the burden of notifying every report developer or analyst in those roles with every database or permission update. In reality, those users will likely ignore the email when they get it and weeks later when they need access, they will call the admin to find out the names. From the ETL side, selecting the database from a list guarantees that a typo will not create a new DB or collection when they do an insert. Thanks, |
| Comment by Jozef Dobos [ 30/Aug/12 ] |
|
My use case is an Android app connected to the DB directly: http://3drepo.org/portfolio/3d-android-client/ Releasing this on the Android market will not allow me to send emails with usernames/passwords. Instead, I'd want to provide anon user credentials with publicly known password that anyone can use and connect to those dbs for which such credentials have been predefined. The number of dbs will grow over time. |
| Comment by Scott Hernandez (Inactive) [ 30/Aug/12 ] |
|
In general admins tell the user/system which database they have created their account/user on, like via email or the user login page (for hosted apps). For example, most hosting providers like mongolabs/hq will send an email with this information so the user know what host+db As I said, many users depend on the current behavior that database names cannot be seen by non-admin users; not sure how easy this will be to change, but if we find lots of users need this functionality and have a convincing use-case that could change. |
| Comment by Jozef Dobos [ 30/Aug/12 ] |
|
I'm fully aware of the current situation, what I would like is to change that. In MySQL for example you would be able to list all the databases you have some kind of privilege on(what makes perfect sense). I don't mind the user authenticating for every database individually (even if using different username and password). However, I don't see how to let the user know what the databases are. In my setting, each db corresponds to a single project that are being added dynamically. Admin can create user accounts in them, no problem, but how to notify the users that there are new projects in the storage without giving them the admin rights? |
| Comment by Scott Hernandez (Inactive) [ 30/Aug/12 ] |
|
Each db stores a sep. list of users+credentials and the "use db"/getDB call doesn't do anything on the server but simply sets the context to the correct db when doing authentication from the client. You cannot authenticate without the context of a database. The user must know the database before they authenticate, and you must have created a user in a specific database. In order to get a list of databases you must be an admin, which requires you authenticate against the admin database. |
| Comment by Jozef Dobos [ 30/Aug/12 ] |
|
dbname is not part of the login information as far as I'm concerned. I have to open a TCP connection to a mongo instance and only afterwards get a handle of the db I want. Once having the handle, I have to authenticate, see my examples: In javascript shell it would be: In Java: But how do I know the dbname if mongo won't tell me all of the available ones, unless logged in as admin? To get to the list of db names I have to do the following: DB db = m.getDB( "admin" ); and only afterwards can I run m.getDatabaseNames(). I honestly believe I should be able to get the names without the need to authenticate as an admin. To enable my users to get to individual databases, I either have to give them admin credentials or hardcode all the dbnames I allow them to see, both of which are not not appropriate. My client application connects directly to the DB, there is no middle-tier stuff, hence the need. |
| Comment by Scott Hernandez (Inactive) [ 30/Aug/12 ] |
|
The system is designed to secure database names and not leak that information to unauthenticated users (non-admins). You do not need to see the list of dbs in order to authenticate; if you don't know which db you need to authenticate to then you do not have credentials since the db is part of the login information. There is no plan to change this design as many users require their system secure this information from unauthorized users. |