Core Server / SERVER-4319

MongoDB Authentication related queries/issues

    • Type: Question
    • Resolution: Duplicate
    • Priority: Major - P3
    • Affects Version/s: 1.9.0
    • Component/s: Security
    • Environment: Windows/Linux/FreeBSD

      1. Password hash values should be stored using a random salt and hashed using a strong hash such as SHA256.
      2. Hash values should not be sent over the network, even as part of a digest.
      3. Authentication requests should be protected against replay.
      4. Credentials storage should be protected against access from all users except DBAs. This includes the actual database files that store the encrypted credentials.
      5. Ensure integrity of replicated data using either PKI or HMAC technology.
      6. Authentication should occur only over secure channels. Support for SSL/TLS communication should be added for authentication. This should include client certificate authentication for the purpose of mutually authenticating replication partners. Even with anti-replay nonce values and encrypted "keys", clear text authentication will be vulnerable to man-in-the-middle attacks.
      7. Provisions for more granular levels of authorization should be added to include provisions for groups and roles for database users.
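Points 1 to 3 above describe a challenge-response design; the following is an added illustration, not code from this ticket or from MongoDB, of a server that keeps a salted, SHA-256 based verifier, issues a single-use nonce, and checks a proof from which neither the password nor the stored hash can be read back. The 4096 PBKDF2 rounds and the simplification of binding the proof to the server nonce alone (a full SCRAM exchange also covers the username and client nonce) are assumptions of this sketch.

```python
import hashlib, hmac, os
ITERATIONS = 4096  # assumption: PBKDF2-HMAC-SHA256 rounds used by this sketch

def salted_password(password: bytes, salt: bytes) -> bytes:
    # Point 1: random per-user salt and a SHA-256 based, iterated derivation.
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)

def client_key(salted: bytes) -> bytes:
    return hmac.new(salted, b"Client Key", hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_credential(password: bytes) -> dict:
    # Point 2: the server keeps H(ClientKey), one hash removed from what the
    # client must prove, so a copied record is not itself a usable credential.
    salt = os.urandom(16)
    ck = client_key(salted_password(password, salt))
    return {"salt": salt, "stored_key": hashlib.sha256(ck).digest()}

def client_proof(password: bytes, salt: bytes, nonce: bytes) -> bytes:
    # Client sends ClientKey XOR HMAC(StoredKey, nonce): neither the password
    # nor the stored hash travels over the network.
    ck = client_key(salted_password(password, salt))
    stored_key = hashlib.sha256(ck).digest()
    return xor(ck, hmac.new(stored_key, nonce, hashlib.sha256).digest())

class Server:
    def __init__(self, cred: dict):
        self.cred, self.nonces = cred, set()
    def challenge(self) -> bytes:
        nonce = os.urandom(24)          # Point 3: fresh, single-use nonce
        self.nonces.add(nonce)
        return nonce
    def verify(self, nonce: bytes, proof: bytes) -> bool:
        if nonce not in self.nonces:    # unknown, or already consumed (replay)
            return False
        self.nonces.discard(nonce)
        sig = hmac.new(self.cred["stored_key"], nonce, hashlib.sha256).digest()
        recovered = xor(proof, sig)     # equals ClientKey only for a genuine proof
        return hmac.compare_digest(hashlib.sha256(recovered).digest(),
                                   self.cred["stored_key"])

def demo(password: bytes = b"correct horse", attempt: bytes = b"correct horse"):
    # One login with `attempt`, then a replay of the same proof -> (first, replay)
    cred = make_credential(password)
    srv = Server(cred)
    nonce = srv.challenge()
    proof = client_proof(attempt, cred["salt"], nonce)
    return srv.verify(nonce, proof), srv.verify(nonce, proof)
```

Running `demo()` returns `(True, False)`: the first proof is accepted and the replayed one is rejected because its nonce has been consumed.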

            Assignee: Mark Porter
            Reporter: Saurabh Dave
            Votes: 0
            Watchers: 7