logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nick Williams (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LOG4J2-403) MongoDB appender, username and password should be optional.
Date Wed, 18 Sep 2013 06:44:51 GMT

    [ https://issues.apache.org/jira/browse/LOG4J2-403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770506#comment-13770506
] 

Nick Williams commented on LOG4J2-403:
--------------------------------------

I'll let some of the other guys weight in before I resolve this as invalid, but I think this
is the way it should be. Accessing any type of database without authentication is dangerous.
Back in the day MySQL used to let you do this as the default setup, but then after several
versions started forcing users to create a username and password on install. I understand
what you're saying about simple development environments, but it's not really difficult to
create a user with username "user" and password "password." I prefer the added security that
comes with Log4j not connecting to MongoDB unless it's an authenticated connection. In a production
environment, that could save someone from a costly mistake.
                
> MongoDB appender, username and password should be optional.
> -----------------------------------------------------------
>
>                 Key: LOG4J2-403
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-403
>             Project: Log4j 2
>          Issue Type: Improvement
>          Components: Appenders
>    Affects Versions: 2.0-beta9
>            Reporter: Poorna Subhash P
>            Priority: Minor
>
> In development environments it is usual to create MongoDB without any users/restrictions.

> In MongoDB appender if I don't provide usrname,password or if I provide empty values,
its throwing exception even without attempting for connection. 
> Getting following error:  ERROR The database is not already authenticated so you must
supply a username and password for the MongoDB provider.
> It would be nice if there is an ability to connect to MongoDB without user details (making
them optional fields).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org


Mime
View raw message