How to use encrypted password in connection string


Vishesh Singhal

Jul 1, 2016, 8:13:36 AM
to mongodb-user
Hi,

How could we use an encrypted password in a connection string? Let's suppose we are using the string below:
mongo localhost:27017/admin -u abc -p Test123


But we don't want the password to be publicly visible directly in the connection string.

Is there any way to use an encrypted password?

Regards,
Vishesh

Vishesh Singhal

Jul 4, 2016, 10:58:16 AM
to mongodb-user
Any idea?

Pooja Gupta

Jul 11, 2016, 5:08:21 AM
to mongodb-user

Hi Vishesh,

In case you are concerned with the password being visible in mongo shell history or via process listings, you can specify -p or --password without actually providing the password on the command line.

e.g.

mongo localhost:27017/admin -u abc -p

In such a case, the mongo shell will interactively ask the user for a password.

Moreover, the passwords are always hashed on the client before being sent to the server.

Hopefully this addresses your question. If not, please provide a more elaborate description of your problem.

Regards,

Pooja

Vishesh Singhal

Jul 14, 2016, 2:08:22 AM
to mongodb-user
Hi Pooja,

Thanks for your response.

Actually, let's suppose we are using the connection string below in our code, but we want the password "XXXXXXXX" to be encrypted in the config itself:
<add name="Post" connectionString="mongodb://ABC:XXXXXXXX@Server1,Server2,Server3/database?authSource=admin&amp;replicaSet=xyz&amp;connectTimeoutMS=5000&amp;minPoolSize=30" />

How could we do that?

Regards,
Vishesh

Pooja Gupta

Jul 19, 2016, 2:56:10 AM
to mongodb-user

Hi Vishesh,

In order to understand your use case better, could you elaborate on why you think the password needs to be encrypted?

Have you considered the following possible solutions:

  • Applying access control restrictions on the files that contain sensitive information? File-based permissions could prevent reads by unauthorised users or groups. For example, on a Linux OS you could deploy the application and config as a special user/group.
  • Assuming the application code is compiled, could you handle the decryption of the config value on the application side?
  • Creating a MongoDB user specifically for the application with restricted privileges? See Role-Based Access Control.

Regards,

Pooja
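
Added example, not part of the original thread: one way to combine the file-permission suggestion above with a connection string that carries no password in config. It assumes a POSIX host; the secret file name, the sample password and the helper names are hypothetical, while the user, hosts and options are the ones from the question.

```python
import os
import re
import stat
import tempfile
from urllib.parse import quote

# Template as it would sit in config: hosts and options from the thread, no password.
URI_TEMPLATE = ("mongodb://{user}:{password}@Server1,Server2,Server3/database"
                "?authSource=admin&replicaSet=xyz&connectTimeoutMS=5000&minPoolSize=30")


def read_secret(path):
    """Read the password from `path`, refusing files other accounts could access."""
    with open(path, encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())  # inspect the file actually opened, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not owned by the application user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            raise PermissionError(f"{path}: mode {mode:o} allows group/other access")
        return fh.read().rstrip("\r\n")


def build_uri(user, password, template=URI_TEMPLATE):
    """Percent-encode the credentials so ':', '/', '@' cannot break URI parsing."""
    return template.format(user=quote(user, safe=""), password=quote(password, safe=""))


def redact(uri):
    """Mask the password before the URI is logged or shown in an error."""
    return re.sub(r"^(mongodb(?:\+srv)?://[^:/@]+:)[^@]*@", r"\1***@", uri)


if __name__ == "__main__":
    # Constructed sample: a throwaway secret file with a made-up password.
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "mongo_password")  # hypothetical file name
        fd = os.open(secret_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write("p@ss:w/rd\n")
        uri = build_uri("ABC", read_secret(secret_path))
        print(redact(uri))  # pass `uri` itself only to the driver
```

The full URI exists only in process memory; anything written to logs should go through `redact()` first.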
