Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth should probably set the "authSource" to match "db_name" #46

Closed
johnoliver opened this issue Oct 2, 2015 · 1 comment
Closed

Auth should probably set the "authSource" to match "db_name" #46

johnoliver opened this issue Oct 2, 2015 · 1 comment
Assignees
@cescoffier
Labels
bug
Milestone
3.2.0

Comments

@johnoliver
Copy link
Contributor

By default unless an authSource is defined it will auth against "admin". Encouraging apps to use admin db accounts as their application user is not great, and also the fact that it did not authenticate against the user of the db was unexpected and took some debugging to find.

In my opinion if no authSource is provided we should set it to the db the user is using, provided via "db_name"
@karianna karianna added this to the 3.2.0 milestone Oct 2, 2015
@karianna
Copy link
Contributor

karianna commented Oct 2, 2015

Sounds reasonable, admin by default is actually a bit of a security concern.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cescoffier cescoffier

Labels
bug
Milestone
3.2.0
Development

No branches or pull requests
3 participants
@karianna @cescoffier @johnoliver