[SERVER-9137] Disable web interface by default

Created: 26/Mar/13 | Updated: 02/Jan/14 | Resolved: 03/Jun/13

| Status: | Closed |
| Project: | Core Server |
| Component/s: | HTTP Console, Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.5.1 |
| Type: | Task |
| Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) |
| Assignee: | Andreas Nilsson |
| Resolution: | Done |
| Votes: | 2 |
| Labels: | buildbot |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Fully Compatible |
| Participants: | |
Description

In our security documentation we recommend running with --nohttpinterface for any users who are concerned with security. We should do that by default whenever the server is running with --auth or --keyFile (or just change the default globally).
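The ticket turns on how a mongod instance's startup options combine to decide whether the HTTP status interface is listening. The following audit script is an added example, not code from the MongoDB project or from this ticket. It assumes (as labelled in the comments) that before the 2.5.1 fix version the interface was on unless `--nohttpinterface` was given, that from 2.5.1 it is off unless `--httpinterface` is given, and that the interface listens on the main port plus 1000 (28017 by default). The `audit`, `parse_startup` and `http_interface_enabled` function names and the sample command lines are constructed for this example.

```python
"""Audit whether a mongod startup configuration exposes the HTTP interface.

Added example (not MongoDB project code). Assumptions:
  - before 2.5.1: interface enabled unless nohttpinterface is set
  - from 2.5.1 (this ticket): interface disabled unless httpinterface is set
  - the interface listens on <port> + 1000 (28017 with the default 27017)
"""
import shlex

DEFAULT_PORT = 27017
HTTP_PORT_OFFSET = 1000          # assumption: HTTP interface = main port + 1000
FIX_VERSION = (2, 5, 1)          # fix version of SERVER-9137


def parse_version(text):
    """'2.4.3' -> (2, 4, 3); tolerates short strings like '2.6'."""
    parts = tuple(int(p) for p in text.split(".")[:3])
    return parts + (0,) * (3 - len(parts))


def parse_startup(cmdline, config_text=""):
    """Merge an old ini-style config file with command-line options.

    Command-line options override the config file, matching how mongod
    applies -f/--config. Boolean flags become the string 'true'.
    """
    opts = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
        else:
            opts[line] = "true"

    args = shlex.split(cmdline)
    i = 0
    while i < len(args):
        arg = args[i]
        if arg.startswith("--"):
            key = arg[2:]
            if "=" in key:                        # --port=27017
                key, value = key.split("=", 1)
                opts[key] = value
            elif i + 1 < len(args) and not args[i + 1].startswith("-"):
                opts[key] = args[i + 1]          # --keyFile /path
                i += 1
            else:
                opts[key] = "true"               # --auth, --rest, ...
        i += 1
    return opts


def truthy(value):
    return str(value).strip().lower() in ("true", "1", "yes", "on")


def http_interface_enabled(opts, version):
    """Apply the pre- and post-2.5.1 defaults (assumption, see module doc)."""
    if parse_version(version) >= FIX_VERSION:
        return truthy(opts.get("httpinterface", "false"))
    return not truthy(opts.get("nohttpinterface", "false"))


def audit(cmdline, version, config_text=""):
    """Return a finding describing HTTP interface exposure for this instance."""
    opts = parse_startup(cmdline, config_text)
    port = int(opts.get("port", DEFAULT_PORT))
    enabled = http_interface_enabled(opts, version)
    auth_on = truthy(opts.get("auth", "false")) or "keyFile" in opts
    rest_on = truthy(opts.get("rest", "false"))

    if not enabled:
        risk, advice = "low", "HTTP interface is off."
    elif rest_on:
        risk, advice = "high", "REST is on; disable --rest and the HTTP interface."
    elif auth_on:
        risk, advice = "medium", "Auth is on but the status page is reachable; " \
                                 "run with --nohttpinterface."
    else:
        risk, advice = "medium", "Run with --nohttpinterface or enable auth."

    return {
        "version": version,
        "port": port,
        "http_port": port + HTTP_PORT_OFFSET if enabled else None,
        "http_enabled": enabled,
        "auth": auth_on,
        "rest": rest_on,
        "risk": risk,
        "advice": advice,
    }


if __name__ == "__main__":
    # Constructed sample command lines, not taken from any real deployment.
    for cmd, ver in [("mongod --auth --port 27017", "2.4.3"),
                     ("mongod --auth", "2.5.1"),
                     ("mongod --httpinterface --rest", "2.5.1")]:
        print(audit(cmd, ver))
```

Running the script on the three constructed command lines shows the practical effect of the ticket: the same `--auth` invocation exposes the status page on 28017 under 2.4.x but not under 2.5.1, while an explicit `--httpinterface --rest` is still flagged as the highest-risk combination.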
Comments

Comment by auto [ 27/Jun/13 ]

Author: Andreas Nilsson (agralius, andreas.nilsson@10gen.com)
Message:
Comment by auto [ 31/May/13 ]

Author: Andreas Nilsson (agralius, andreas.nilsson@10gen.com)
Message:
Comment by Eliot Horowitz (Inactive) [ 31/May/13 ]

There are a lot of tools that rely on it, so removing it isn't really an option.
Comment by Dwight Merriman [ 31/May/13 ]

default to disabled seems reasonable to me. this feels pretty safe as it's administrative so if you upgrade and find it off, well, you'll figure it out. that said, the original intent was that the data in the http display was fundamentally read-only, and not incredibly indicative of content, and thus while presumably that port is blocked to the world, if it weren't, the consequences would be medium at most. that was the intent. and that's why --rest defaults to off. so this sounds ok to me but, should we just get rid of it? is everything it shows available in other tooling? seems simpler long term. i suppose if it defaults to off, it sort of is gone... non-defaults aren't going to be used all that often unless really important.
Comment by Andreas Nilsson [ 30/May/13 ]

tad all the tests currently seem to run with the same mongod instance. I think it requires some refactoring of smoke.py to run httpClientTest with a specific config.
Comment by Tad Marshall [ 30/May/13 ]

milkie I don't think changing smoke.py to cover up the change in default is a good idea. That would be a fast way to get things running again, but it would make future dependencies on httpinterface "work by accident", which I don't think we want.
Comment by Andreas Nilsson [ 30/May/13 ]

Fixed the broken build and added another test for the new --httpinterface option. Codereview http://codereview.10gen.com/10818017/ updated.
Comment by Eric Milkie [ 30/May/13 ]

This broke the build. We have a test that tests the http interface; looks like you need to change buildscripts/smoke.py to start mongod with the new flag.
Comment by Andreas Nilsson [ 29/May/13 ]

Interface change, so this needs QA.
Comment by auto [ 29/May/13 ]

Author: Andreas Nilsson (agralius, andreas.nilsson@10gen.com)
Message: