<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:19:29 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-9137] Disable web interface by default </title>
                <link>https://jira.mongodb.org/browse/SERVER-9137</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;In our security documentation we recommend running with --nohttpinterface for any users who are concerned with security.  We should do that by default whenever the server is running with --auth or --keyFile (or just change the default globally).&lt;/p&gt;</description>
                <environment></environment>
        <key id="69782">SERVER-9137</key>
            <summary>Disable web interface by default </summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="andreas.nilsson">Andreas Nilsson</assignee>
                                    <reporter username="spencer@mongodb.com">Spencer Brody</reporter>
                        <labels>
                            <label>buildbot</label>
                    </labels>
                <created>Tue, 26 Mar 2013 14:58:03 +0000</created>
                <updated>Thu, 2 Jan 2014 17:59:27 +0000</updated>
                            <resolved>Mon, 3 Jun 2013 20:32:02 +0000</resolved>
                                                    <fixVersion>2.5.1</fixVersion>
                                    <component>HTTP Console</component>
                    <component>Security</component>
                                        <votes>2</votes>
                                    <watches>9</watches>
                                                                                                                <comments>
                            <comment id="368891" author="auto" created="Thu, 27 Jun 2013 10:34:00 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-9137&quot; title=&quot;Disable web interface by default &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-9137&quot;&gt;&lt;del&gt;SERVER-9137&lt;/del&gt;&lt;/a&gt; Test of new httpinterface parameter&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/eed9f7d6bfe906f906df39765550a103c3764fd6&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/eed9f7d6bfe906f906df39765550a103c3764fd6&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="349872" author="auto" created="Fri, 31 May 2013 14:40:44 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-9137&quot; title=&quot;Disable web interface by default &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-9137&quot;&gt;&lt;del&gt;SERVER-9137&lt;/del&gt;&lt;/a&gt; Added --httpinterface flag to mongod smoke tests&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/f844ed02b1df1b54ea96b6e902cb7ab0663612d8&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/f844ed02b1df1b54ea96b6e902cb7ab0663612d8&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="349714" author="eliot" created="Fri, 31 May 2013 10:51:25 +0000"  >&lt;p&gt;There are a lot of tools that rely on it, so removing it isn&apos;t really an option.&lt;/p&gt;</comment>
                            <comment id="349566" author="dwight_10gen" created="Fri, 31 May 2013 04:25:47 +0000"  >&lt;p&gt;default to disabled seems reasonable to me.  this feels pretty safe as it&apos;s administrative so if you upgrade and find it off, well, you&apos;ll figure it out.&lt;/p&gt;

&lt;p&gt;that said, the original intent was that the data in the http display was fundamentally read-only, and not incredibly indicative of content, and thus while presumably that port is blocked to the world, if it weren&apos;t, the consequences would be medium at most.  that was the intent.  and that&apos;s why --rest defaults to off.&lt;/p&gt;

&lt;p&gt;so this sounds ok to me but,  should we just get rid of it?  is everything it shows available in other tooling?  seems simpler long term.&lt;/p&gt;

&lt;p&gt;i suppose if it defaults to off, it sort of is gone...non-defaults aren&apos;t going to be useed all that often unless really important.&lt;/p&gt;
</comment>
                            <comment id="349281" author="andreas.nilsson@10gen.com" created="Thu, 30 May 2013 21:35:17 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=tad&quot; class=&quot;user-hover&quot; rel=&quot;tad&quot;&gt;tad&lt;/a&gt; all the test currently seem to run with the same mongod instance. I think it require some refactoring of smoke.py to run httpClientTest with a specific config.&lt;/p&gt;</comment>
                            <comment id="349266" author="tad" created="Thu, 30 May 2013 21:20:49 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=milkie&quot; class=&quot;user-hover&quot; rel=&quot;milkie&quot;&gt;milkie&lt;/a&gt; I don&apos;t think changing smoke.py to cover up the change in default is a good idea.  That would be a fast way to get things running again, but it would make future dependencies on httpinterface &quot;work by accident&quot; which I don&apos;t think we want.&lt;/p&gt;</comment>
                            <comment id="349243" author="andreas.nilsson@10gen.com" created="Thu, 30 May 2013 20:57:52 +0000"  >&lt;p&gt;Fixed the broken build and added another test for the new --httpinterface option. Codereview &lt;a href=&quot;http://codereview.10gen.com/10818017/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://codereview.10gen.com/10818017/&lt;/a&gt; updated.&lt;/p&gt;</comment>
                            <comment id="348430" author="milkie" created="Thu, 30 May 2013 00:31:52 +0000"  >&lt;p&gt;This broke the build.&lt;br/&gt;
&lt;a href=&quot;http://buildbot.mongodb.org/builders/Linux%2064-bit/builds/5438/steps/test_7/logs/stdio&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://buildbot.mongodb.org/builders/Linux%2064-bit/builds/5438/steps/test_7/logs/stdio&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;We have a test that tests the http interface &amp;#8211; looks like you need to change buildscripts/smoke.py to start mongod with the new flag.&lt;/p&gt;</comment>
                            <comment id="348278" author="andreas.nilsson@10gen.com" created="Wed, 29 May 2013 21:12:50 +0000"  >&lt;p&gt;Interface change so this needs QA&lt;/p&gt;</comment>
                            <comment id="348274" author="auto" created="Wed, 29 May 2013 21:08:31 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;agralius&apos;, u&apos;name&apos;: u&apos;Andreas Nilsson&apos;, u&apos;email&apos;: u&apos;andreas.nilsson@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-9137&quot; title=&quot;Disable web interface by default &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-9137&quot;&gt;&lt;del&gt;SERVER-9137&lt;/del&gt;&lt;/a&gt; Disable internal web interface by default&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/4e53ef60ef44a74114f7d5acc0b15f2ff9d477cf&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/4e53ef60ef44a74114f7d5acc0b15f2ff9d477cf&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>10.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 26 Mar 2013 15:42:34 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 years, 33 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ian@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 years, 33 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>andreas.nilsson</customfieldvalue>
            <customfieldvalue>auto</customfieldvalue>
            <customfieldvalue>dwight@mongodb.com</customfieldvalue>
            <customfieldvalue>eliot</customfieldvalue>
            <customfieldvalue>milkie@mongodb.com</customfieldvalue>
            <customfieldvalue>spencer@mongodb.com</customfieldvalue>
            <customfieldvalue>tad</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrmzof:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrmxn3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>47544</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hriwdb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>