<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:25:41 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-30997] mongo cli --password is masked, but not when using mongodb:// connection string </title>
                <link>https://jira.mongodb.org/browse/SERVER-30997</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;When using the following:&lt;/p&gt;

&lt;p&gt;$ mongo --host 127.0.0.1 --user admin --password superSecret12345&lt;br/&gt;
$ ps auxww | grep mongo&lt;br/&gt;
$ mongo mongodb://admin:superSecret12345@127.0.0.1/&lt;br/&gt;
$ ps auxww | grep mongo&lt;/p&gt;

&lt;p&gt;You see that --password value has been masked with &quot;x&quot; characters, so you don&apos;t easily expose the password to others. However, when connecting using the mongodb:// connection string, which is still waiting to be documented ( &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-9033&quot; title=&quot;Support MongoDB URIs as mongo shell argument&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-9033&quot;&gt;&lt;del&gt;DOCS-9033&lt;/del&gt;&lt;/a&gt; ) , the password is not masked.&lt;/p&gt;

&lt;p&gt;In the mongodb:// method as well, the password is also leaked into the stdout of the cli when it displays &quot;connecting to: mongodb://admin:superSecret12345@127.0.0.1/&quot;&lt;/p&gt;

&lt;p&gt;I believe these should be masked in the same way, so the password is never displayed in the running process cmdline or in the stdout line displayed saying it is connecting.&lt;/p&gt;</description>
                <environment>Linux</environment>
        <key id="425096">SERVER-30997</key>
            <summary>mongo cli --password is masked, but not when using mongodb:// connection string </summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="jonathan.reams@mongodb.com">Jonathan Reams</assignee>
                                    <reporter username="aqueen">Aaron Queen</reporter>
                        <labels>
                            <label>mongo</label>
                            <label>security</label>
                            <label>tools</label>
                    </labels>
                <created>Thu, 7 Sep 2017 21:26:20 +0000</created>
                <updated>Mon, 30 Oct 2023 23:13:45 +0000</updated>
                            <resolved>Mon, 30 Jul 2018 15:51:47 +0000</resolved>
                                    <version>3.4.7</version>
                                    <fixVersion>3.6.9</fixVersion>
                    <fixVersion>4.0.3</fixVersion>
                    <fixVersion>4.1.2</fixVersion>
                                    <component>Tools</component>
                                        <votes>0</votes>
                                    <watches>10</watches>
                                                                                                                <comments>
                            <comment id="2012174" author="xgen-internal-githook" created="Mon, 24 Sep 2018 16:50:55 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ian Boros&apos;, &apos;email&apos;: &apos;ian.boros@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-30997&quot; title=&quot;mongo cli --password is masked, but not when using mongodb:// connection string &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-30997&quot;&gt;&lt;del&gt;SERVER-30997&lt;/del&gt;&lt;/a&gt; fix error code&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 40a611d43c5a33f72066ffcf26708e43bbd4cd16)&lt;br/&gt;
Branch: v3.6&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/5ad044f08a123fd46ee0d0aefcb92feb65bc9808&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/5ad044f08a123fd46ee0d0aefcb92feb65bc9808&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2012172" author="xgen-internal-githook" created="Mon, 24 Sep 2018 16:50:52 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jonathan Reams&apos;, &apos;email&apos;: &apos;jbreams@mongodb.com&apos;, &apos;username&apos;: &apos;jbreams&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-30997&quot; title=&quot;mongo cli --password is masked, but not when using mongodb:// connection string &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-30997&quot;&gt;&lt;del&gt;SERVER-30997&lt;/del&gt;&lt;/a&gt; Redact passwords and options from MongoURI in shell command line&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 35898a0c48b0bb1bcb0a69f7db646d2fda4ec5de)&lt;br/&gt;
Branch: v3.6&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/0127c73e91466d592419d01504800f0d599ec66f&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/0127c73e91466d592419d01504800f0d599ec66f&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2012160" author="xgen-internal-githook" created="Mon, 24 Sep 2018 16:47:45 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ian Boros&apos;, &apos;email&apos;: &apos;ian.boros@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-30997&quot; title=&quot;mongo cli --password is masked, but not when using mongodb:// connection string &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-30997&quot;&gt;&lt;del&gt;SERVER-30997&lt;/del&gt;&lt;/a&gt; fix error code&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 40a611d43c5a33f72066ffcf26708e43bbd4cd16)&lt;br/&gt;
Branch: v4.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/69dd60bb3937d2663c397e1e28238c4f63f02c5b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/69dd60bb3937d2663c397e1e28238c4f63f02c5b&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2012159" author="xgen-internal-githook" created="Mon, 24 Sep 2018 16:47:43 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jonathan Reams&apos;, &apos;email&apos;: &apos;jbreams@mongodb.com&apos;, &apos;username&apos;: &apos;jbreams&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-30997&quot; title=&quot;mongo cli --password is masked, but not when using mongodb:// connection string &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-30997&quot;&gt;&lt;del&gt;SERVER-30997&lt;/del&gt;&lt;/a&gt; Redact passwords and options from MongoURI in shell command line&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 35898a0c48b0bb1bcb0a69f7db646d2fda4ec5de)&lt;br/&gt;
Branch: v4.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/61ec2c71ccf85655581df077518843c6d191027c&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/61ec2c71ccf85655581df077518843c6d191027c&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1960405" author="xgen-internal-githook" created="Mon, 30 Jul 2018 16:46:17 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ian Boros&apos;, &apos;email&apos;: &apos;ian.boros@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-30997&quot; title=&quot;mongo cli --password is masked, but not when using mongodb:// connection string &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-30997&quot;&gt;&lt;del&gt;SERVER-30997&lt;/del&gt;&lt;/a&gt; fix error code&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/40a611d43c5a33f72066ffcf26708e43bbd4cd16&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/40a611d43c5a33f72066ffcf26708e43bbd4cd16&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1960288" author="xgen-internal-githook" created="Mon, 30 Jul 2018 15:46:13 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jonathan Reams&apos;, &apos;email&apos;: &apos;jbreams@mongodb.com&apos;, &apos;username&apos;: &apos;jbreams&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-30997&quot; title=&quot;mongo cli --password is masked, but not when using mongodb:// connection string &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-30997&quot;&gt;&lt;del&gt;SERVER-30997&lt;/del&gt;&lt;/a&gt; Redact passwords and options from MongoURI in shell command line&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/35898a0c48b0bb1bcb0a69f7db646d2fda4ec5de&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/35898a0c48b0bb1bcb0a69f7db646d2fda4ec5de&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1668698" author="ramon.fernandez" created="Sat, 9 Sep 2017 11:22:58 +0000"  >&lt;p&gt;Thanks for your report &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=aqueen&quot; class=&quot;user-hover&quot; rel=&quot;aqueen&quot;&gt;aqueen&lt;/a&gt;. I tried reproducing in MacOS with the latest development version and in both cases the password is not masked. Sending to the Platform team for consideration.&lt;/p&gt;

&lt;p&gt;Regards,&lt;br/&gt;
Ram&#243;n.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="590262">SERVER-36744</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="425088">TOOLS-1782</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="15640"><![CDATA[v4.0]]></customfieldvalue>
    <customfieldvalue key="15141"><![CDATA[v3.6]]></customfieldvalue>
    <customfieldvalue key="14340"><![CDATA[v3.4]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Sat, 9 Sep 2017 11:22:58 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        5 years, 20 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-1184</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 20 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_16465" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Linked BF Score</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>aqueen</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>jonathan.reams@mongodb.com</customfieldvalue>
            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hteepb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|htt6sv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="2371">Platforms 2018-07-30</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hte0sf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>