<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:05:38 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-4319] MongoDB Authentication related queries/issues</title>
                <link>https://jira.mongodb.org/browse/SERVER-4319</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;1.	Password hash values should be stored using a random salt and hashed using a strong hash such as SHA256.&lt;br/&gt;
2.	Hash values should not be sent over the network, even as part of a digest.&lt;br/&gt;
3.	Authentication requests should be protected against replay.&lt;br/&gt;
4.	Credentials storage should be protected against access from all users except DBA&apos;s. This includes the actual database files that &lt;br/&gt;
        store the encrypted credentials.&lt;br/&gt;
5.	Ensure integrity of replicated data using either PKI or HMAC technology.&lt;br/&gt;
6.	Authentication should occur only over secure channels. Support for SSL/TLS communication should be added for authentication. This &lt;br/&gt;
        should include client certificate authentication for the purpose of mutually authenticating replication partners. Even with anti-&lt;br/&gt;
        replay nonce values and encrypted &quot;keys&quot; clear text authentication will be vulnerable to man-in-the-middle attacks.&lt;br/&gt;
7.	Provisions for more granular levels of authorization should be added to include provisions for groups and roles for database &lt;br/&gt;
        users.&lt;/p&gt;</description>
                <environment>Windows/Linux/Freebsd</environment>
        <key id="25112">SERVER-4319</key>
            <summary>MongoDB Authentication related queries/issues</summary>
                <type id="6" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14720&amp;avatarType=issuetype">Question</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="mark">Mark porter</assignee>
                                    <reporter username="saurabhdave">Saurabh Dave</reporter>
                        <labels>
                    </labels>
                <created>Fri, 18 Nov 2011 15:45:10 +0000</created>
                <updated>Wed, 15 Aug 2012 14:04:15 +0000</updated>
                            <resolved>Fri, 10 Aug 2012 11:00:18 +0000</resolved>
                                    <version>1.9.0</version>
                                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="152218" author="mark" created="Fri, 10 Aug 2012 11:00:19 +0000"  >&lt;p&gt;Ticket is duplicate of several others and has been linked accordingly.&lt;/p&gt;</comment>
                            <comment id="152099" author="mark" created="Thu, 9 Aug 2012 20:41:08 +0000"  >&lt;p&gt;@Andy&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6746&quot; title=&quot;Authentication should only occur over secure channels&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6746&quot;&gt;&lt;del&gt;SERVER-6746&lt;/del&gt;&lt;/a&gt; has been logged as discussed and assigned to you, hope that&apos;s ok.&lt;/p&gt;

&lt;p&gt;I&apos;ll mark this ticket as duplicate once I get the OK from Dan.&lt;/p&gt;</comment>
                            <comment id="151166" author="mark" created="Tue, 7 Aug 2012 16:50:40 +0000"  >&lt;p&gt;Hi Saurabh,&lt;/p&gt;

&lt;p&gt;1.	The plan is not to continue with a local authentication schema; therefore, this makes this request redundant.&lt;/p&gt;

&lt;p&gt;2.	This is a standard best-practice request and I believe that &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-3591&quot; title=&quot;Kerberos Support&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-3591&quot;&gt;&lt;del&gt;SERVER-3591&lt;/del&gt;&lt;/a&gt; probably takes care of it. Additionally, &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6407&quot; title=&quot;Authenticate users via LDAP proxy&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6407&quot;&gt;&lt;del&gt;SERVER-6407&lt;/del&gt;&lt;/a&gt; covers LDAP authentication and this will obviously include secure LDAP (port 636).&lt;/p&gt;

&lt;p&gt;3.	Seems to be a generic request and best request. Have the Security team validated this? I will include this in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-3591&quot; title=&quot;Kerberos Support&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-3591&quot;&gt;&lt;del&gt;SERVER-3591&lt;/del&gt;&lt;/a&gt; and &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6407&quot; title=&quot;Authenticate users via LDAP proxy&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6407&quot;&gt;&lt;del&gt;SERVER-6407&lt;/del&gt;&lt;/a&gt; as a requirement.&lt;/p&gt;

&lt;p&gt;4.	Credentials storage should be protected against access from all users except DBA&apos;s. This includes the actual database files that &lt;br/&gt;
store the encrypted credentials. =&amp;gt; generic statement, covered by &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-3591&quot; title=&quot;Kerberos Support&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-3591&quot;&gt;&lt;del&gt;SERVER-3591&lt;/del&gt;&lt;/a&gt; I suspect&lt;/p&gt;

&lt;p&gt;5.	I believe that the implementation of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-524&quot; title=&quot;Encryption of wire protocol with SSL&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-524&quot;&gt;&lt;del&gt;SERVER-524&lt;/del&gt;&lt;/a&gt; will take care of this.&lt;/p&gt;

&lt;p&gt;6.      &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-6746&quot; title=&quot;Authentication should only occur over secure channels&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-6746&quot;&gt;&lt;del&gt;SERVER-6746&lt;/del&gt;&lt;/a&gt; has been logged for this request. Elements of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-524&quot; title=&quot;Encryption of wire protocol with SSL&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-524&quot;&gt;&lt;del&gt;SERVER-524&lt;/del&gt;&lt;/a&gt; will overlap.&lt;/p&gt;

&lt;p&gt;7.	&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-3198&quot; title=&quot;Ability to restrict operations by role&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-3198&quot;&gt;&lt;del&gt;SERVER-3198&lt;/del&gt;&lt;/a&gt; covers this.&lt;/p&gt;

&lt;p&gt;I am marking this ticket as a duplicate and linking to the aforementioned tickets as appropriate.&lt;/p&gt;

&lt;p&gt;Mark&lt;/p&gt;</comment>
                            <comment id="67762" author="eliot" created="Sun, 20 Nov 2011 06:35:41 +0000"  >&lt;p&gt;Some of these things have proper tickets already.&lt;/p&gt;

&lt;p&gt;SSL for example &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-524&quot; title=&quot;Encryption of wire protocol with SSL&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-524&quot;&gt;&lt;del&gt;SERVER-524&lt;/del&gt;&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                        <issuelink>
            <issuekey id="11092">SERVER-524</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="17923">SERVER-3198</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="43936">SERVER-6407</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="20946">SERVER-3591</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="46763">SERVER-6746</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Sun, 20 Nov 2011 06:35:41 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        11 years, 27 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<s><a href='https://jira.mongodb.org/browse/SERVER-524'>SERVER-524</a></s>, <s><a href='https://jira.mongodb.org/browse/SERVER-3591'>SERVER-3591</a></s>, <s><a href='https://jira.mongodb.org/browse/SERVER-6407'>SERVER-6407</a></s>, <s><a href='https://jira.mongodb.org/browse/SERVER-3198'>SERVER-3198</a></s>, <s><a href='https://jira.mongodb.org/browse/SERVER-6746'>SERVER-6746</a></s>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ian@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            11 years, 27 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>eliot</customfieldvalue>
            <customfieldvalue>mark</customfieldvalue>
            <customfieldvalue>saurabhdave</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrol87:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrit4v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>23373</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrla3r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>