<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:45:16 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-17686] Access to http interface when authentication is enabled</title>
                <link>https://jira.mongodb.org/browse/SERVER-17686</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;&lt;a href=&quot;http://localhost:28017&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://localhost:28017&lt;/a&gt; access is possible without username/password when security is enabled (user exists in db). Shell access and host:28017 is not possible without user name password when security is enabled and user exists. Is this expected behavior?&lt;/p&gt;</description>
                <environment></environment>
        <key id="191245">SERVER-17686</key>
            <summary>Access to http interface when authentication is enabled</summary>
                <type id="6" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14720&amp;avatarType=issuetype">Question</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="ananth12">ananth</reporter>
                        <labels>
                    </labels>
                <created>Mon, 23 Mar 2015 06:13:07 +0000</created>
                <updated>Tue, 12 May 2015 17:30:46 +0000</updated>
                            <resolved>Tue, 12 May 2015 17:30:46 +0000</resolved>
                                    <version>2.6.3</version>
                                                    <component>HTTP Console</component>
                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>8</watches>
                                                                                                                <comments>
                            <comment id="911827" author="spencer" created="Tue, 12 May 2015 17:30:04 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=franky&quot; class=&quot;user-hover&quot; rel=&quot;franky&quot;&gt;franky&lt;/a&gt;, yes you are correct, I believe you are encountering &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-17379&quot; title=&quot;HTTP interface&amp;#39;s localhost exception check is too permissive&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-17379&quot;&gt;&lt;del&gt;SERVER-17379&lt;/del&gt;&lt;/a&gt; which has been fixed in 3.0.1 and newer releases.  Sorry for the confusion.&lt;/p&gt;</comment>
                            <comment id="899610" author="franky" created="Tue, 28 Apr 2015 08:34:37 +0000"  >&lt;p&gt;Is the username/password requirement forced in Mongo 3.0 when accessing http status interface from localhost?&lt;/p&gt;

&lt;p&gt;I&apos;ve tested version 2.4, mongod started with --auth parameter, from localhost, I could go to &lt;a href=&quot;http://127.0.0.1:28017/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://127.0.0.1:28017/&lt;/a&gt; without username/password.&lt;/p&gt;</comment>
                            <comment id="898835" author="andreas.nilsson@10gen.com" created="Mon, 27 Apr 2015 15:46:21 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=franky&quot; class=&quot;user-hover&quot; rel=&quot;franky&quot;&gt;franky&lt;/a&gt; thanks for your report. This looks like a docs typo to me. Authentication is always required if there are users in the database.&lt;/p&gt;

&lt;p&gt;The localhost exception only applies if there are no users.&lt;/p&gt;

&lt;p&gt;Regards,&lt;br/&gt;
Andreas&lt;/p&gt;</comment>
                            <comment id="898468" author="franky" created="Mon, 27 Apr 2015 06:45:38 +0000"  >&lt;p&gt;Hi,&lt;br/&gt;
I have mongo 3.0 http status interface listening on port 28017. Here&apos;s my config:&lt;/p&gt;

&lt;p&gt;net:&lt;br/&gt;
   port: 27017&lt;br/&gt;
   http:&lt;br/&gt;
      enabled: true&lt;br/&gt;
      RESTInterfaceEnabled: false&lt;br/&gt;
security:&lt;br/&gt;
   authorization: &quot;enabled&quot;&lt;br/&gt;
   keyFile: &quot;...&quot;&lt;/p&gt;

&lt;p&gt;There&apos;re users in db (auth version is: 3.0).&lt;br/&gt;
According to the doc &quot;If security is configured for a mongod instance, authentication is required for a client to access the http interface from another machine&quot;, the http interface should be accessible from local machine without username/password.&lt;/p&gt;

&lt;p&gt;I don&apos;t know why authentication is always required when accessing &lt;a href=&quot;http://localhost:28017&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://localhost:28017&lt;/a&gt; or &lt;a href=&quot;http://my_ip:28017&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://my_ip:28017&lt;/a&gt; from local machine or another machine?&lt;/p&gt;</comment>
                            <comment id="862464" author="ananth12" created="Tue, 24 Mar 2015 16:40:18 +0000"  >&lt;p&gt;It does ask for username/password when we go through hostname:port. It won&apos;t ask for username/password when we go through localhost. If both ways, it does not ask for password then it is consistent with documentation. Reason I asked it here not in Stack Overflow is because, I felt this is something mongo internals.&lt;/p&gt;</comment>
                            <comment id="861075" author="ramon.fernandez" created="Mon, 23 Mar 2015 16:52:50 +0000"  >&lt;p&gt;Yes &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=ananth12&quot; class=&quot;user-hover&quot; rel=&quot;ananth12&quot;&gt;ananth12&lt;/a&gt;, this is expected. Please see the &lt;a href=&quot;http://docs.mongodb.org/manual/core/security-interface/#http-status-interface&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;documentation on the HTTP interface&lt;/a&gt;, and especially the &lt;a href=&quot;http://docs.mongodb.org/manual/core/security-interface/#rest-api&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;security implications of enabling the REST API&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Please note that the SERVER project is for reporting bugs or feature suggestions for the MongoDB server. For MongoDB-related support discussion please post on the &lt;a href=&quot;http://groups.google.com/group/mongodb-user&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongodb-user group&lt;/a&gt; or &lt;a href=&quot;http://stackoverflow.com/questions/tagged/mongodb&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Stack Overflow with the &lt;tt&gt;mongodb&lt;/tt&gt; tag&lt;/a&gt;, where your question will reach a larger audience. A question like this involving more discussion would be best posted on the &lt;a href=&quot;http://groups.google.com/group/mongodb-user&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongodb-user group&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Regards,&lt;br/&gt;
Ram&#243;n.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="186205">SERVER-17379</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 23 Mar 2015 16:52:50 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        8 years, 40 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>spencer@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            8 years, 40 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>ananth12</customfieldvalue>
            <customfieldvalue>andreas.nilsson</customfieldvalue>
            <customfieldvalue>franky</customfieldvalue>
            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>
            <customfieldvalue>spencer@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrla7b:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hs7d5z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrogmf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>