MongoDB Shell
4 results found
-
Avoid issuing commands upon connection where the user is unauthorized to execute them
Presently when a user connects to a MongoDB cluster mongosh will execute several command helpers. Unless the users have specific privileges these commands will trigger several unauthorised messages similar to below:
{"msg":"Checking authorization failed","attr":{"error":{"code":13,"codeName":"Unauthorized","errmsg":"not authorized on admin to execute command { getParameter: 1, featureCompatibilityVersion: 1, apiVersion: \"1\"... $db: \"admin\" }"}}}
This causes issues for some security monitoring applications, and requires the security monitoring application to be filtered to ignore these events.
A similar issue is described in the Jira ticket: https://jira.mongodb.org/browse/MONGOSH-1298
1 vote -
MONGODB-AWS Auth Feature Request for mongosh & compass connections
I would like to request a feature to more fully integrate the auth mechanism MONGODB-AWS in the Atlas UI. We envision that when you are creating a user based on IAM Auth a toggle button is added in the UI that when enabled on the user or project level, would require a user to provide a session token to authenticate via mongoose. This feature would require the --awsIamSessionToken option when a so defined user connects via mongosh or the token field in Compass (along with the access key and secret access key). Basically, if only username/password were presented, it would…
1 vote -
Don't send tracking analytics without explicit opt-in
I recently updated mongosh to 1.7.1 via Homebrew. Little Snitch informs me that the program is reaching out to api.segment.io asynchronously. For privacy reasons, I do not want programs to do that, and such analytics without explicit opt-in may be illegal in the entire EU per the GDPR.
Please remove the analytics/tracking feature or make it configurable only as an opt-in feature.
1 voteHi There;
thank you for raising this request.
We care deeply about user privacy and go to great efforts to be clear about what our products do and how they act.
Please review the page linked below [1] that describes exactly what telemetry is and is not collected. The page also includes instructions on how to disable telemetry.
-
Ability to control OCSP TLS certificate verification on mongo shell
Please allow to control OCSP TLS certificate verification on mongosh shell like it was possible on the legacy shell using "./mongo ... --setShellParameter ocspEnabled=false ..."
3 votes
- Don't see your idea?