<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:10:11 UTC 2024
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-5897] Backup with mongodump protecting the credentials</title>
                <link>https://jira.mongodb.org/browse/SERVER-5897</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Security is very important in production deployments; let&apos;s see how we execute a dump in MongoDB&lt;/p&gt;

&lt;p&gt;./mongodump --host dbh85.test.com --db mydatabase --collection user -u username1 -p ultrasecretpass &lt;/p&gt;

&lt;p&gt;In this case we expose username and password, that&apos;s not good. &lt;/p&gt;

&lt;p&gt;We could have 2 problems if some intruder gets these credentials:&lt;br/&gt;
*data changes&lt;br/&gt;
*data theft&lt;/p&gt;

&lt;p&gt;Data changes would be covered with read-only users, but I still have the data theft problem.&lt;/p&gt;

&lt;p&gt;mysql has a --defaults-extra-file option which is very useful for these cases, for instance:&lt;/p&gt;

&lt;p&gt;mysqldump --defaults-extra-file=/home/daniel/protectedlogin.cnf --all-databases&lt;/p&gt;

&lt;p&gt;where protectedlogin.cnf contains the credentials encrypted. &lt;/p&gt;</description>
                <environment>Windows and Linux (64 bits)</environment>
        <key id="39357">SERVER-5897</key>
            <summary>Backup with mongodump protecting the credentials</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="2" iconUrl="https://jira.mongodb.org/images/icons/priorities/critical.svg">Critical - P2</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="4">Incomplete</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="kcotzen">Carlos Astudillo B.</reporter>
                        <labels>
                            <label>dump</label>
                            <label>mongodump</label>
                            <label>security</label>
                    </labels>
                <created>Tue, 22 May 2012 16:24:16 +0000</created>
                <updated>Mon, 30 Mar 2020 17:34:30 +0000</updated>
                            <resolved>Sat, 15 Sep 2012 14:31:19 +0000</resolved>
                                    <version>2.1.1</version>
                                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="680679" author="kuijsten" created="Mon, 4 Aug 2014 15:49:57 +0000"  >&lt;p&gt;I constantly keep typing &quot;--authenticationDatabase admin -u joe -p&quot; which is really verbose. I&apos;m already using a workaround for automatic password input by using &quot;&amp;lt; ~/.filewithpass&quot; but this breaks usage of stdin for other purposes. It&apos;s really one of the most annoying things when working a lot with mongoimport, mongoexport, mongorestore etc. and it&apos;s in the way of secure automatic backups.&lt;/p&gt;

&lt;p&gt;It could be easily solved if the cli tools would support reading the credentials from a config file in the homedir of the user. The same way mysql tries to read ~/.my.cnf. This would improve convenience and security by not having to put the password on the command line ever.&lt;/p&gt;</comment>
                            <comment id="164724" author="eliot" created="Sat, 15 Sep 2012 14:31:19 +0000"  >&lt;p&gt;Not sure if there is a possible improvement.&lt;br/&gt;
If there are ideas, please let us know.&lt;/p&gt;</comment>
                            <comment id="122538" author="eliot" created="Thu, 24 May 2012 04:38:39 +0000"  >&lt;p&gt;How is that different than the file with the username/password?&lt;/p&gt;</comment>
                            <comment id="122274" author="kcotzen" created="Wed, 23 May 2012 13:26:32 +0000"  >&lt;p&gt;Actually, that is exactly the problem. The file that launches the db could be seen by an intruder.&lt;/p&gt;</comment>
                            <comment id="122008" author="eliot" created="Tue, 22 May 2012 18:54:40 +0000"  >&lt;p&gt;If you do a ps, the password should be suppressed, so you shouldn&apos;t be able to get it without accessing the file that launches the db, which is the same as accessing a config file.&lt;/p&gt;

&lt;p&gt;Can you verify?&lt;/p&gt;</comment>
                            <comment id="122007" author="kcotzen" created="Tue, 22 May 2012 18:47:40 +0000"  >&lt;p&gt;Exactly. Password I think is critical.&lt;/p&gt;

&lt;p&gt;What happens if I want to create an automatic dump process or export process in a BAT or SHELL? Currently I have to expose the password to connect to the database.&lt;/p&gt;

&lt;p&gt;If an intruder sees the password, they could steal the data.&lt;/p&gt;</comment>
                            <comment id="121993" author="eliot" created="Tue, 22 May 2012 18:29:34 +0000"  >&lt;p&gt;Not sure what you&apos;re referring to.&lt;br/&gt;
Is it that the username and password are in the command line? Or something else?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1083877">TOOLS-2447</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 22 May 2012 18:29:34 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        9 years, 28 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ryan.chipman@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            9 years, 28 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>kcotzen</customfieldvalue>
            <customfieldvalue>eliot</customfieldvalue>
            <customfieldvalue>kuijsten</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hro2an:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrg5t3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7845</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|ht0ma7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>