-
Type: Question
-
Resolution: Duplicate
-
Priority: Minor - P4
-
None
-
Affects Version/s: 2.6.3
-
Component/s: HTTP Console, Security
-
None
http://localhost:28017 access is possible without username/password when security is enabled (user exists in db). Shell access and host:28017 is not possible without user name password when security is enabled and user exists. Is this expected behavior ?
- duplicates
-
SERVER-17379 HTTP interface's localhost exception check is too permissive
- Closed