[jira] [Commented] (LOG4J2-403) MongoDB appender, username and password should be optional.

Tue, 17 Sep 2013 23:45:47 -0700 

    [ 
https://issues.apache.org/jira/browse/LOG4J2-403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770506#comment-13770506
 ] 

Nick Williams commented on LOG4J2-403:
--------------------------------------

I'll let some of the other guys weight in before I resolve this as invalid, but 
I think this is the way it should be. Accessing any type of database without 
authentication is dangerous. Back in the day MySQL used to let you do this as 
the default setup, but then after several versions started forcing users to 
create a username and password on install. I understand what you're saying 
about simple development environments, but it's not really difficult to create 
a user with username "user" and password "password." I prefer the added 
security that comes with Log4j not connecting to MongoDB unless it's an 
authenticated connection. In a production environment, that could save someone 
from a costly mistake.
                
> MongoDB appender, username and password should be optional.
> -----------------------------------------------------------
>
>                 Key: LOG4J2-403
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-403
>             Project: Log4j 2
>          Issue Type: Improvement
>          Components: Appenders
>    Affects Versions: 2.0-beta9
>            Reporter: Poorna Subhash P
>            Priority: Minor
>
> In development environments it is usual to create MongoDB without any 
> users/restrictions. 
> In MongoDB appender if I don't provide usrname,password or if I provide empty 
> values, its throwing exception even without attempting for connection. 
> Getting following error:  ERROR The database is not already authenticated so 
> you must supply a username and password for the MongoDB provider.
> It would be nice if there is an ability to connect to MongoDB without user 
> details (making them optional fields).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to