Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36802

Don't omit db.auth() et al from shell history if they don't contain string literal password

    • Type: Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: Shell
    • Server Tooling & Methods

      Calls to db.auth(), db.addUser(), etc aren't added to shell history because this would cause any string literal password in the call to be stored in cleartext in the history file. However, if the password isn't specified as a string literal (eg. passwordPrompt() is called instead), or is omitted completely (if SERVER-3788 is implemented), then the line is safe to add to history in these cases.

            Assignee:
            backlog-server-stm Backlog - Server Tooling and Methods (STM) (Inactive)
            Reporter:
            kevin.pulo@mongodb.com Kevin Pulo
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: