if I run the createUse command as opposed to createUser:
db.runCommand({ createUse: "foo" , pwd: "secret"})
I get no less then three copies of the password in the log:
[gabriel@earthshaker mongo-linux]$ ./mongod -vvvvv 2>&1 | grep secret
2018-03-20T12:57:06.470-0400 D - [conn1] User Assertion: CommandNotFound: no such command: 'createUse', bad cmd: '{ createUse: "foo", pwd: "secret", $db: "test" }' src/mongo/db/service_entry_point_common.cpp 844
2018-03-20T12:57:06.470-0400 D COMMAND [conn1] assertion while executing command 'createUse' on database 'test': CommandNotFound: no such command: 'createUse', bad cmd: '{ createUse: "foo", pwd: "secret", $db: "test" }'
2018-03-20T12:57:06.470-0400 I COMMAND [conn1] command test.$cmd appName: "MongoDB Shell" command: { createUse: "foo", pwd: "secret", $db: "test" } numYields:0 ok:0 errMsg:"no such command: 'createUse', bad cmd: '{ createUse: \"foo\", pwd: \"secret\", $db: \"test\" }'" errName:CommandNotFound errCode:59 reslen:187 locks:{} protocol:op_msg 0ms
- related to
-
SERVER-33302 Missing log redaction for a few failure paths
-
- Closed
-
-
-
- Closed
-