search

elixir-mongo / mongodb

MongoDB driver for Elixir
Apache License 2.0
571 stars 156 forks source link

Is there a way to detect bad credentials? #343

Open nathanl opened 4 years ago

nathanl commented 4 years ago

The meow attack makes it seem good to check one's instances for weak login credentials. But that's not straightforward to do. This function call:

Mongo.start_link(
      url: "mongodb://#{hostname}:#{port}/admin",
      username: username,
      password: password
    )

...returns {:ok, pid} even if the credentials are wrong.

Is there a way to try a simple connection and get back an {:error, reason} if the credentials are not valid?

tillsc commented 3 years ago

Try {:ok, _v} = Mongo.ping(conn) after starting the link. This works for me