Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Won't Fix
Priority: Major - P3
Fix Version/s: None
Affects Version/s: 3.6.3, 3.6.4
Component/s: Shell
Labels:
None

Operating System:
ALL
Steps To Reproduce:

Hide

Specify a mongodb uri without using the replicaSet option on a replica set whose first member listed is not the primary

Show
Specify a mongodb uri without using the replicaSet option on a replica set whose first member listed is not the primary
Sprint:
Security 2018-11-19, Service Arch 2019-02-11

The 3.6 version of the MongoDB Shell does not error if the replicaSet option is missing. When missing, connection appears to be to first node in the URI list.

In example below, I have used replicaset as the option without an upper case 'S' ie replicaset vs replicaSet.

Arnies-MacBook-Pro:repl3 arnielisthaus$ m 3.6.3
Arnies-MacBook-Pro:repl3 arnielisthaus$ mongo mongodb://localhost:27017,localhost:27018,localhost:27019/?replicaset=replset
MongoDB shell version v3.6.3
connecting to: mongodb://localhost:27017,localhost:27018,localhost:27019/?replicaset=replset
MongoDB server version: 3.6.3
Mongo-Hacker 0.0.14
Server has startup warnings:
2018-04-16T11:44:58.341-0400 I CONTROL  [initandlisten]
2018-04-16T11:44:58.341-0400 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2018-04-16T11:44:58.341-0400 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2018-04-16T11:44:58.341-0400 I CONTROL  [initandlisten]
2018-04-16T11:44:58.341-0400 I CONTROL  [initandlisten] ** WARNING: This server is bound to localhost.
2018-04-16T11:44:58.342-0400 I CONTROL  [initandlisten] **          Remote systems will be unable to connect to this server.
2018-04-16T11:44:58.342-0400 I CONTROL  [initandlisten] **          Start the server with --bind_ip <address> to specify which IP
2018-04-16T11:44:58.342-0400 I CONTROL  [initandlisten] **          addresses it should serve responses from, or with --bind_ip_all to
2018-04-16T11:44:58.342-0400 I CONTROL  [initandlisten] **          bind to all interfaces. If this behavior is desired, start the
2018-04-16T11:44:58.342-0400 I CONTROL  [initandlisten] **          server with --bind_ip 127.0.0.1 to disable this warning.
2018-04-16T11:44:58.342-0400 I CONTROL  [initandlisten]
Arnies-MacBook-Pro(mongod-3.6.3)[SECONDARY:replset] test>

The same is true if no options or any invalid options are passed.

In 3.4, the URI was validated e.g.:

Arnies-MacBook-Pro:repl3 arnielisthaus$ m 3.4.9
Arnies-MacBook-Pro:repl3 arnielisthaus$ mongo mongodb://localhost:27017,localhost:27018,localhost:27019/?replicaset=replset
FailedToParse: Cannot list multiple servers in URL without 'replicaSet' option
try 'mongo --help' for more information

related to

SERVER-39317 Make connection uri options case insensitive

Closed

SERVER-39318 Warn in the shell when using a unrecognized connection uri option

Closed

SERVER-39319 Warn in the shell when connecting to multiple servers that aren't mongos routers without the replicaSet name

Closed

Assignee:: Alyson Cabral (Inactive)

Reporter:: Arnie Listhaus

Participants:: Alexey Menshikov, Alyson Cabral, Arnie Listhaus, Daniel Pasette

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: Apr 16 2018 04:53:36 PM UTC

Updated:: Jan 31 2019 07:58:15 PM UTC

Resolved:: Jan 31 2019 07:58:15 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates