[
https://issues.apache.org/jira/browse/LOG4J2-403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770506#comment-13770506
]
Nick Williams edited comment on LOG4J2-403 at 9/18/13 6:53 AM:
---------------------------------------------------------------
I'll let some of the other guys weigh in before I resolve this as invalid, but
I think this is the way it should be. Accessing any type of database without
authentication is dangerous. Back in the day MySQL used to let you do this as
the default setup, but then after several versions started forcing users to
create a username and password on install. I understand what you're saying
about simple development environments, but it's not really difficult to create
a user with username "user" and password "password." I prefer the added
security that comes with Log4j not connecting to MongoDB unless it's an
authenticated connection. In a production environment, that could save someone
from a costly mistake.
was (Author: beamerblvd):
I'll let some of the other guys weight in before I resolve this as invalid,
but I think this is the way it should be. Accessing any type of database
without authentication is dangerous. Back in the day MySQL used to let you do
this as the default setup, but then after several versions started forcing
users to create a username and password on install. I understand what you're
saying about simple development environments, but it's not really difficult to
create a user with username "user" and password "password." I prefer the added
security that comes with Log4j not connecting to MongoDB unless it's an
authenticated connection. In a production environment, that could save someone
from a costly mistake.
> MongoDB appender, username and password should be optional.
> -----------------------------------------------------------
>
> Key: LOG4J2-403
> URL: https://issues.apache.org/jira/browse/LOG4J2-403
> Project: Log4j 2
> Issue Type: Improvement
> Components: Appenders
> Affects Versions: 2.0-beta9
> Reporter: Poorna Subhash P
> Priority: Minor
>
> In development environments it is usual to create MongoDB without any
> users/restrictions.
> In MongoDB appender if I don't provide usrname,password or if I provide empty
> values, its throwing exception even without attempting for connection.
> Getting following error: ERROR The database is not already authenticated so
> you must supply a username and password for the MongoDB provider.
> It would be nice if there is an ability to connect to MongoDB without user
> details (making them optional fields).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
