The http interface doesn't work with SCRAM-SHA-1 user documents and is generally considered insecure. In our documentation we advise any users concerned with the security of their deployment to disable the http interface. We should add a startWarning so users will see in their logs and in MMS if they are running with this type of configuration.
- is related to
-
SERVER-17512 Unable to authenticate with web console with SCRAM-SHA-1
- Closed
- related to
-
SERVER-17390 HTTP Interface does not work with SCRAM User Documents
- Closed
-
SERVER-21348 'compatability' typo in web-server start-up warning
- Closed