-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MongoDB password from connection string is indexed in metricset.host field and is visible #2888
Labels
Comments
Ah, good point :(. Only workaround for now is to use |
tsg
pushed a commit
to tsg/beats
that referenced
this issue
Oct 31, 2016
We previously only had the option of specifying a user/pass in the URL string, which is problematic because it results in the password being indexed in Elasticsearch (elastic#2888). This adds the option to specify a username/password at the module configuration. To make this happen, I had to copy some unexported functions from the mgo driver.
ruflin
pushed a commit
that referenced
this issue
Oct 31, 2016
We previously only had the option of specifying a user/pass in the URL string, which is problematic because it results in the password being indexed in Elasticsearch (#2888). This adds the option to specify a username/password at the module configuration. To make this happen, I had to copy some unexported functions from the mgo driver.
Closing as #2889 was merged. |
tsg
added a commit
to tsg/beats
that referenced
this issue
Nov 1, 2016
We previously only had the option of specifying a user/pass in the URL string, which is problematic because it results in the password being indexed in Elasticsearch (elastic#2888). This adds the option to specify a username/password at the module configuration. To make this happen, I had to copy some unexported functions from the mgo driver. (cherry picked from commit 6c7dfe4)
andrewkroh
pushed a commit
that referenced
this issue
Nov 1, 2016
We previously only had the option of specifying a user/pass in the URL string, which is problematic because it results in the password being indexed in Elasticsearch (#2888). This adds the option to specify a username/password at the module configuration. To make this happen, I had to copy some unexported functions from the mgo driver. (cherry picked from commit 6c7dfe4)
leweafan
pushed a commit
to leweafan/beats
that referenced
this issue
Apr 28, 2023
…lastic#2900) We previously only had the option of specifying a user/pass in the URL string, which is problematic because it results in the password being indexed in Elasticsearch (elastic#2888). This adds the option to specify a username/password at the module configuration. To make this happen, I had to copy some unexported functions from the mgo driver. (cherry picked from commit b4f22e3)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Similar to #2738. When connecting to a running instance of MongoDB, the user and password of the connection string are indexed into the metricset.host field.
However, unlike #2738, I'm not aware of another way to specify the connection string such that the user/pass is separated out.
This prevents us from using the mongodb module as even logging the credentials of a users with minimal permissions is not acceptable.
The text was updated successfully, but these errors were encountered: