mongodb admin password no longer admin-secret on trunk
Bug #1270434 reported by
Kapil Thangavelu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Opinion
|
High
|
Unassigned |
Bug Description
moving to the api, means the lazy password change on the db is no longer operational. instead only the random password generated by machine-0 is valid for the admin account which is only stored afaics in machine-
Changed in juju-core: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → 1.17.1 |
tags: | added: api regression |
tags: | added: security |
Changed in juju-core: | |
milestone: | 1.17.1 → 1.18.0 |
Changed in juju-core: | |
milestone: | 1.18.0 → none |
To post a comment you must log in.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2014-01-21 18:25, Curtis Hovey wrote:
> ** Changed in: juju-core Status: New => Triaged
>
> ** Changed in: juju-core Importance: Undecided => High
>
> ** Changed in: juju-core Milestone: None => 1.17.1
>
> ** Tags added: api regression
>
> ** Tags added: security
>
I do believe it is intended that:
1) The admin-secret will become the actual password on Mongo
*but*
2) We will remove direct access to the MongoDB port outside of the
local network. (In 1.20, once the Juju CLI no longer uses it in 1.18.)
If you have specific needs for it to be exposed, we should get those
outlined, because we currently consider it a security vulnerability
that we expose MongoDB directly.
John
=:->
-----BEGIN PGP SIGNATURE----- www.enigmail. net/
fi+AACgkQJdeBCY SNAANMPACgzEyJR mY+KwVV/ pOpboks7FY1 wJ5gV0j32LB6GTn 9a
Version: GnuPG v1.4.13 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://
iEYEARECAAYFAlL
5RMAoMmykbfpHtg
=oLjo
-----END PGP SIGNATURE-----