[SERVER-7456] MongoDB commands requiring passwords should be able to prompt for its entry (without it being displayed) Created: 24/Oct/12 Updated: 09/Jul/16 Resolved: 06/Nov/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.2.0 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Simon Harvey | Assignee: | Andy Schwerin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
RHEL 6 |
||
| Participants: |
| Description |
|
Currently when default authentication is in place many MongoDB commands such as mongodump, mongorestore, mongostat and mongotop require that the password is entered as a parameter in clear text. This risks the password being compromised (e.g. by shoulder surfing). All such commands should enable the user to enter the password without it being echoed, e.g. by prompting for it. |
| Comments |
| Comment by Andy Schwerin [ 08/Nov/12 ] | |||
|
No problem, Simon. We've marked this one for a documentation update. | |||
| Comment by Simon Harvey [ 08/Nov/12 ] | |||
|
Thanks Andy - I hadn't realised that this was possible, but have tested using V2.2 with mongo, mongodump, mongostat etc. and it works as you describe. Regards, Simon. | |||
| Comment by Andy Schwerin [ 06/Nov/12 ] | |||
|
The tools and shell will prompt the user for a password if the user passes the --password flag with no argument or an empty argument. For example,
|