Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.5.4
Affects Version/s: None
Component/s: Security
Labels:
None

Backwards Compatibility:
Minor Change
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

For password policy enforcement the server needs to receive the password in plain text.
For users without SSL, however, they probably want a way to continue the existing behavior of hashing the password in the client before sending it over the wire.

Need to also figure out what the default should be, what the right interface to control this in the drivers is, etc.

is depended on by

SERVER-7363 Allow users to set specify a password validation policy

Open

DRIVERS-103 Manipulate user objects exclusively via commands

Closed

JAVA-909 Update user manipulation helpers to use new manipulation commands provided by the server.

Closed

is duplicated by

SERVER-10648 createUser and updateUser commands should allow client to supply digested password or cleartext password.

Closed

Assignee:: Spencer Brody (Inactive)
Reporter:: Spencer Brody (Inactive)
Participants:: auto, Spencer Brody
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Sep 23 2013 08:14:21 PM UTC
Updated:: Aug 02 2018 09:24:20 PM UTC
Resolved:: Oct 23 2013 10:45:02 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates