<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:29:21 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-12713]  Redact db.changeUserPassword() from shell command history</title>
                <link>https://jira.mongodb.org/browse/SERVER-12713</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Calls to db.changeUserPassword() are saved in the shell command history. Any user that can connect to the mongo shell can press the up arrow to see the changed password in plain text.&lt;/p&gt;

&lt;p&gt;Workaround:&lt;br/&gt;
Prehash the password, so that only the hash rather than the plain-text password ends up in the history, and change it with something like the following:&lt;/p&gt;

&lt;pre&gt;db.system.users.update(
  { &quot;pwd&quot; : &quot;&apos; + hashedoldpassword + &apos;&quot; },
  { $set: { &quot;pwd&quot; : &quot;&apos; + hashednewpassword + &apos;&quot; } }
)&lt;/pre&gt;</description>
                <environment></environment>
        <key id="110653">SERVER-12713</key>
            <summary> Redact db.changeUserPassword() from shell command history</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="5" iconUrl="https://jira.mongodb.org/images/icons/priorities/trivial.svg">Trivial - P5</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="jeffery.schnick@nike.com">Jeffery Schnick</reporter>
                        <labels>
                    </labels>
                <created>Thu, 13 Feb 2014 18:39:23 +0000</created>
                <updated>Wed, 10 Dec 2014 23:05:37 +0000</updated>
                            <resolved>Tue, 18 Feb 2014 04:38:00 +0000</resolved>
                                    <version>2.4.9</version>
                                                    <component>Security</component>
                    <component>Shell</component>
                                        <votes>0</votes>
                                    <watches>9</watches>
                                                                                                                <comments>
                            <comment id="500440" author="dan@10gen.com" created="Tue, 18 Feb 2014 04:38:00 +0000"  >&lt;p&gt;fixed in 2.5.1: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-9939&quot; title=&quot;createUser and updateUser commands aren&amp;#39;t filtered from shell history, even though they may contain user&amp;#39;s password&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-9939&quot;&gt;&lt;del&gt;SERVER-9939&lt;/del&gt;&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="498735" author="james.wahlin@10gen.com" created="Thu, 13 Feb 2014 19:26:00 +0000"  >&lt;p&gt;Hi Jeffery,&lt;/p&gt;

&lt;p&gt;This is a valid feature request. I do want to point out, though, that the shell writes its history to a local file called &quot;.dbshell&quot;. If the shell can derive a user directory, it writes the file under that directory; if not, it writes it to the current directory. If you have a standard user that people log in under, one workaround is to create this file yourself and deny that user write access to it. The shell will still launch and be usable, but it will not be able to write history.&lt;/p&gt;

&lt;p&gt;Cheers,&lt;br/&gt;
James&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="79149">SERVER-9939</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 13 Feb 2014 18:45:47 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 years, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 years, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>dan@mongodb.com</customfieldvalue>
            <customfieldvalue>james.wahlin@mongodb.com</customfieldvalue>
            <customfieldvalue>jeffery.schnick@nike.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrm1nr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrw3bj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>101244</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10750" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Steps To Reproduce</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;&amp;#91;root@localhost ~&amp;#93;# mongo admin -u thisguy -p oldpassword --port 27001&lt;br/&gt;
MongoDB shell version: 2.4.9&lt;br/&gt;
connecting to: 127.0.0.1:27001/admin&lt;br/&gt;
testset2:PRIMARY&amp;gt; db.changeUserPassword(&quot;thisguy&quot;, &quot;newpassword&quot;)&lt;br/&gt;
testset2:PRIMARY&amp;gt; exit&lt;br/&gt;
bye&lt;br/&gt;
&amp;#91;root@localhost ~&amp;#93;# mongo admin -u thisguy -p newpassword --port 27001&lt;br/&gt;
MongoDB shell version: 2.4.9&lt;br/&gt;
connecting to: 127.0.0.1:27001/admin&lt;br/&gt;
testset2:PRIMARY&amp;gt; exit&lt;br/&gt;
bye&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;Log in as a different MongoDB user from the same OS account&lt;br/&gt;
&amp;#91;root@localhost ~&amp;#93;# mongo admin -u daddy -p password --port 27001&lt;br/&gt;
MongoDB shell version: 2.4.9&lt;br/&gt;
connecting to: 127.0.0.1:27001/admin&lt;/li&gt;
	&lt;li&gt;Press the up arrow; the shell recalls the earlier command, including the new password:&lt;br/&gt;
testset2:PRIMARY&amp;gt; db.changeUserPassword(&quot;thisguy&quot;, &quot;newpassword&quot;)&lt;/li&gt;
&lt;/ol&gt;
</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsoxdz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>