New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use SCRAM-SHA-1 as default for MongoDB #1785

Closed
wilzbach opened this Issue Jun 17, 2017 · 2 comments

Comments

Projects
None yet
2 participants
@wilzbach
Contributor

wilzbach commented Jun 17, 2017

MongoDB no longer defaults to MONGODB-CR and instead uses SCRAM-SHA-1 as the default authentication mechanism.

https://docs.mongodb.com/manual/core/security-mongodb-cr/#authentication-mongodb-cr
Released in March 2015
https://docs.mongodb.com/manual/release-notes/3.0

Either SCRAM-SHA-1 should be the default option or the initialization should detect the MongoDB version and thus set the auth mechanism automatically if Mongo > 3

@cifvts

This comment has been minimized.

Show comment
Hide comment
@cifvts

cifvts Jun 25, 2017

Contributor

To obtain this behaviour I guess mongodb/vibe/db/mongo/connection.d should be change, but this also will break existing apps that won't explicit auth mechanism. not sure if there is an easy way to obtain version before attempt a connection.

Contributor

cifvts commented Jun 25, 2017

To obtain this behaviour I guess mongodb/vibe/db/mongo/connection.d should be change, but this also will break existing apps that won't explicit auth mechanism. not sure if there is an easy way to obtain version before attempt a connection.

@wilzbach

This comment has been minimized.

Show comment
Hide comment
@wilzbach

wilzbach Jul 15, 2017

Contributor

I think most mongo instances nowadays have been upgraded, but just to be sure we can simply try the old method as a fallback on a MongoAuthException.

In any case, I submitted #1843

Contributor

wilzbach commented Jul 15, 2017

I think most mongo instances nowadays have been upgraded, but just to be sure we can simply try the old method as a fallback on a MongoAuthException.

In any case, I submitted #1843

@s-ludwig s-ludwig closed this in c3859bb Jul 15, 2017

s-ludwig added a commit that referenced this issue Jul 15, 2017

Merge pull request #1843 from wilzbach/fix-1785
Fix #1785 - Use SCRAM-SHA-1 as default for MongoDB
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment