Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-3768

db.addUser() appears in shell history, with cleartext passwords

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.0.4, 2.1.1
    • Affects Version/s: None
    • Component/s: Security, Shell
    • None

      See below - I can retrieve my addUser lines with the up arrow.

      Aaron-Staples-MacBook-Pro:mongo aaron$ ./mongo
      MongoDB shell version: 2.0.0-rc2-pre-
      connecting to: test
      > db.addUser( 'aaron', 'mypass' )

      { "n" : 0, "connectionId" : 2, "err" : null, "ok" : 1 }

      {
      "user" : "aaron",
      "readOnly" : false,
      "pwd" : "8c875bb39fcf051edc876c0ee71d5585",
      "_id" : ObjectId("4e668f1dd04af0d2e2b8b83e")
      }
      > db.addUser( 'aaron', 'mypass' ) <<<-------- Got this one by pressing up arrow
      {
      "updatedExisting" : true,
      "n" : 1,
      "connectionId" : 2,
      "err" : null,
      "ok" : 1
      }
      {
      "_id" : ObjectId("4e668f1dd04af0d2e2b8b83e"),
      "user" : "aaron",
      "readOnly" : false,
      "pwd" : "8c875bb39fcf051edc876c0ee71d5585"
      }
      >
      bye
      Aaron-Staples-MacBook-Pro:mongo aaron$ ./mongo
      MongoDB shell version: 2.0.0-rc2-pre-
      connecting to: test
      > db.addUser( 'aaron', 'mypass' ) <<<-------- Got this one by pressing up arrow
      {
      "updatedExisting" : true,
      "n" : 1,
      "connectionId" : 4,
      "err" : null,
      "ok" : 1
      }
      {
      "_id" : ObjectId("4e668f1dd04af0d2e2b8b83e"),
      "user" : "aaron",
      "readOnly" : false,
      "pwd" : "8c875bb39fcf051edc876c0ee71d5585"
      }
      >

            Assignee:
            mathias@mongodb.com Mathias Stearn
            Reporter:
            aaron Aaron Staple
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: