Status Submitted
Categories Atlas
Created by Guest
Created on Aug 9, 2023

LDAP Users shouldn't be successfully authenticated if not authorized

Today, if you log in with proper LDAP credentials to an Atlas cluster, you are authenticated into that cluster, even if you are not authorized to have access. This is not at all how databases should work, nor is it how most databases do work today. If a user is not authorized, that connection should fail immediately. Allowing successful authentication, even when not authorized, can increase the security vector for DDoS attempts as well as cause confusion when successful attempts are logged, even though the user was not authorized to see data. Please reject any non-authorized user from connecting to an Atlas cluster.