[SERVER-8143] saslContinue command returns confusing error message when the user can't be found Created: 10/Jan/13 Updated: 11/Jul/16 Resolved: 15/Jan/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.4.0-rc0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Jeffrey Yemin | Assignee: | Andy Schwerin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
This affects the upcoming 2.3.2 release. If you start a sasl conversation and specify a database that does not define the given user, you get back this document:
Expected results:
|
| Comments |
| Comment by Andy Schwerin [ 11/Jan/13 ] |
|
Authentication failure messages should not reveal that the user does or does not exist. Updated "expected behavior". |