-
Type: Improvement
-
Resolution: Unresolved
-
Priority: Major - P3
-
Affects Version/s: 3.0.0
-
Component/s: Security
-
Server Security
We should investigate whether we want to log to the audit log when a user attempts to authenticate with a nonexistent auth mechanism, for example:
> db.auth({user:"amalia", pwd:"123456", mechanism:"fake"});
This currently does not log to the audit log, and we may wish to change that behavior.
- is related to
-
SERVER-17507 MongoDB3 enterprise AuditLog
- Closed