Have option to make "Fill in connection fields individually" view the default upon start up
Currently, MongoDB Compass defaults to showing the "Paste connection string" view upon startup. The full connection string is shown, meaning that if you have any saved favorites, the username and password will be immediately visible on the screen. This seems like a security risk, especially for use in public settings.
Additionally, if your saved favorite includes SSH tunneling settings, these settings will not be applied if you try to connect to the database from the "Paste connection string" view, leading to connection failure. You must switch to the "Fill in connection fields individually" view before hitting Connect for the SSH tunnel to be created.
Both of these problems could be alleviated by providing an option to make the "Fill in connection fields individually" view the default, as this latter view masks the password.
Thanks,
-- Sam
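The risk Sam describes is a connection string rendered verbatim, password included. As an added example (not part of this post and not Compass's own code), the Python helper below shows the masking behaviour the "Fill in connection fields individually" view gives you: a saved favorite's URI is parsed and the password portion replaced before it is displayed or logged. The function names, the regular expression and the sample favorites are my own constructions; the URI shape it relies on (`mongodb://` or `mongodb+srv://`, optional `user:password@` before the host list, `@` in a password percent-encoded) follows the MongoDB connection string format.

```python
import re

# Assumed layout of a MongoDB connection string: scheme, optional "user:password@",
# then the host list, database and options. A literal "@" or ":" inside the password
# must be percent-encoded, so stopping the password at "@" or "/" is safe.
_MONGO_URI = re.compile(
    r"^(?P<scheme>mongodb(?:\+srv)?://)"
    r"(?:(?P<user>[^:@/]*)(?::(?P<password>[^@/]*))?@)?"
    r"(?P<rest>.*)$",
    re.DOTALL,
)


def has_embedded_credentials(uri: str) -> bool:
    """True when the URI carries a password in its userinfo section."""
    match = _MONGO_URI.match(uri)
    return bool(match) and match.group("password") is not None


def redact_mongo_uri(uri: str, mask: str = "****") -> str:
    """Return the URI with the password replaced by `mask`.

    URIs without a password (no userinfo, or username only) are returned unchanged,
    so the output is always safe to show on screen or write to a log.
    """
    match = _MONGO_URI.match(uri)
    if not match:
        raise ValueError("not a MongoDB connection string")
    if match.group("password") is None:
        return uri
    return f"{match.group('scheme')}{match.group('user')}:{mask}@{match.group('rest')}"


def render_favorites(favorites: dict) -> list:
    """Produce display lines for saved favorites, never exposing a password."""
    return [f"{name}: {redact_mongo_uri(uri)}" for name, uri in favorites.items()]


if __name__ == "__main__":
    # Constructed sample favorites; the hosts and credentials are made up.
    SAVED_FAVORITES = {
        "local dev": "mongodb://sam:s3cret@localhost:27017/admin",
        "atlas": "mongodb+srv://app:p%40ss%3Aw0rd@cluster0.example.net/?retryWrites=true",
        "replica set (no auth)": "mongodb://host1:27017,host2:27017/db?replicaSet=rs0",
        "x509 user": "mongodb://CN%3Dsam@localhost:27017/?authMechanism=MONGODB-X509",
    }
    for line in render_favorites(SAVED_FAVORITES):
        print(line)
```

Running the block prints each favorite with `****` in place of the password; entries with no password, such as the replica set URI and the username-only X.509 entry, are printed as-is. The same `redact_mongo_uri` call is the right thing to apply before any connection string reaches an error message or a log file, which is where a plaintext password most often leaks beyond the screen-sharing case raised in the thread.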
-
Massimiliano (Admin, MongoDB) commented
With Compass 1.31 (currently in beta), we have a solution for all the pain points described in the original suggestion, even though the solution is different from the suggested one:
- As we've done since Compass 1.21, the connection string text field keeps the password hidden unless the user explicitly chooses to show it
- Favorite connections with SSH tunneling or other settings will be saved correctly and all the options will be used when reusing the connection.
-
Massimiliano (Admin, MongoDB) commented
Starting from Compass 1.21, the password for favorites is hidden by default.
-
Johnson commented
This is a security concern. If I'm sharing my screen in a meeting and bring up compass, it will accidentally reveal my password. It would be better for compass by default to display the "Fill in connection fields individually" section first and only display "Paste your connection string" when requested.
-
Marcin commented
I came to this forum exactly because of this issue: the plaintext password visible in the connection string.
The fact that this had one vote, and the "dark theme" had like 14, is pretty scary. Are people using this tool in production?