You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4j-dev@logging.apache.org by "Nick Williams (JIRA)" <ji...@apache.org> on 2013/09/18 08:54:52 UTC
[jira] [Comment Edited] (LOG4J2-403) MongoDB appender, username and
password should be optional.
[ https://issues.apache.org/jira/browse/LOG4J2-403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770506#comment-13770506 ]
Nick Williams edited comment on LOG4J2-403 at 9/18/13 6:53 AM:
---------------------------------------------------------------
I'll let some of the other guys weigh in before I resolve this as invalid, but I think this is the way it should be. Accessing any type of database without authentication is dangerous. Back in the day MySQL used to let you do this as the default setup, but then after several versions started forcing users to create a username and password on install. I understand what you're saying about simple development environments, but it's not really difficult to create a user with username "user" and password "password." I prefer the added security that comes with Log4j not connecting to MongoDB unless it's an authenticated connection. In a production environment, that could save someone from a costly mistake.
was (Author: beamerblvd):
I'll let some of the other guys weight in before I resolve this as invalid, but I think this is the way it should be. Accessing any type of database without authentication is dangerous. Back in the day MySQL used to let you do this as the default setup, but then after several versions started forcing users to create a username and password on install. I understand what you're saying about simple development environments, but it's not really difficult to create a user with username "user" and password "password." I prefer the added security that comes with Log4j not connecting to MongoDB unless it's an authenticated connection. In a production environment, that could save someone from a costly mistake.
> MongoDB appender, username and password should be optional.
> -----------------------------------------------------------
>
> Key: LOG4J2-403
> URL: https://issues.apache.org/jira/browse/LOG4J2-403
> Project: Log4j 2
> Issue Type: Improvement
> Components: Appenders
> Affects Versions: 2.0-beta9
> Reporter: Poorna Subhash P
> Priority: Minor
>
> In development environments it is usual to create MongoDB without any users/restrictions.
> In MongoDB appender if I don't provide usrname,password or if I provide empty values, its throwing exception even without attempting for connection.
> Getting following error: ERROR The database is not already authenticated so you must supply a username and password for the MongoDB provider.
> It would be nice if there is an ability to connect to MongoDB without user details (making them optional fields).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org