[SERVER-9701] Incorrect warning msg about localhost access enabled Created: 15/May/13  Updated: 05/Jan/16  Resolved: 05/Jan/16

Status: Closed
Project: Core Server
Component/s: Internal Code, Security
Affects Version/s: 2.4.3
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Rahul Dhodapkar
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

conn = startMongod( "--auth",
"--port",
27001,
"--dbpath",
"/data/db/test",
"--setParameter",
"enableLocalhostAuthBypass=0");

var testDB = conn.getDB('test');
testDB.foo.insert(

{b:1}

);
print(tojson(testDB.foo.findOne()));

This will print the warning while still disallowing the insert and find.

Sprint: Security E (01/01/16)
Participants:

 Description   

When disabling the localhost authentication exception the server still prints the warning:

"note: no users configured in admin.system.users, allowing localhost access"



 Comments   
Comment by Rahul Dhodapkar [ 05/Jan/16 ]

Works as intended in 3.2.0 community and enterprise.

Did a significant amount of refactoring around the localhost exception in 3.0, so this was probably resolved.

Generated at Thu Feb 08 03:21:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.