Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17527

Add startupWarning if server started with --rest or --httpinterface and access control is enabled

    • Type: Icon: Task Task
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.1.8
    • Affects Version/s: None
    • Component/s: Security, Usability
    • None
    • Fully Compatible
    • Security 9 (09/18/15)

      The http interface doesn't work with SCRAM-SHA-1 user documents and is generally considered insecure. In our documentation we advise any users concerned with the security of their deployment to disable the http interface. We should add a startWarning so users will see in their logs and in MMS if they are running with this type of configuration.

            Assignee:
            robert.guo@mongodb.com Robert Guo (Inactive)
            Reporter:
            spencer@mongodb.com Spencer Brody (Inactive)
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: