Have option to make "Fill in connection fields individually" view the default upon start up
Currently, MongoDB Compass defaults to showing the "Paste connection string" view upon startup. The full connection string is shown, meaning that if you have any saved favorites, the username and password will be immediately visible upon the screen. This seems like a security risk, especially for use in public settings.
Additionally, if your saved favorite includes SSH tunneling settings, these settings will not be applied if you try to connect to the database from the "Paste connection string" view, leading to connection failure. You must switch to the "Fill in connection fields individually" view before hitting Connect for the SSH tunnel to be created.
Both of these problems could be alleviated by providing an option to make the "Fill in connection fields individually" view the default, as this latter view masks the password.
AdminMassimiliano (Admin, MongoDB) commented
Starting from Compass 1.21, the password for favorites is hidden by default.
This is a security concern. If I'm sharing my screen in a meeting and bring up compass, it will accidentally reveal my password. It would be better for compass by default to display the "Fill in connection fields individually" section first and only display "Paste your connection string" when requested.
I came this forum exactly because of this issue: the plaintext password visible in the connection string.
The fact that this had one vote, and the "dark theme" had like 14, is pretty scary. Are people using this tool in production?