[SERVER-9851] Warn if http dependent options are specified (jsonp/rest) Created: 03/Jun/13 Updated: 02/Aug/18 Resolved: 27/Jun/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | HTTP Console |
| Affects Version/s: | None |
| Fix Version/s: | 2.5.1 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Scott Hernandez (Inactive) | Assignee: | Gregory McKeon (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
If someone tries to start with "rest" or "jsonp" and there is no http support this should be an error and the system should fail to start with an appropriate error message. Currently these options are silently "ignored" (from the users perspective). The other option would be to turn on the http interface if dependent options are specified, like is done with auth/authKey. EDITED TO ADD: Also produce warning is - |
| Comments |
| Comment by Andreas Nilsson [ 27/Jun/13 ] |
|
The following command line combinations will generate warnings for now and errors in the future. Not sure if we want to document it or not. mongod --nohttpinterface (--rest|--jsonp) |
| Comment by auto [ 27/Jun/13 ] |
|
Author: {u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}Message: |
| Comment by Scott Hernandez (Inactive) [ 25/Jun/13 ] |
|
Tad, the goal is to both do unsurprising things but also to turn off the http system when possible for security reasons. Making it harder to turn on the http system, without being explicit at all levels, is part of that plan. Also, our rest isn't really rest. At some point me may deliver a feature more useful, secure and useful but this isn't it, and it may come in an external or optional module – best to address when we get there. |
| Comment by Tad Marshall [ 25/Jun/13 ] |
|
It seems a little user-unfriendly to require "--httpinterface --rest" to turn on "--rest" and "--httpinterface --jsonp" to turn on "--jsonp". It is definitely user-unfriendly to silently ignore "--rest" and "--jsonp" when "--httpinterface" has not also been specified. I think that the "principle of least astonishment" would tell you to enable --httpinterface when a "superset" of that feature is enabled. If the documentation unambiguously describes --rest as enabling "HTTP with REST", for example, this should not cause confusion. |