MongoByte MongoDB Logo

Welcome to the new MongoDB Feedback Portal!

{Improvement: "Your idea"}
We’ve upgraded our system to better capture and act on your feedback.
Your feedback is meaningful and helps us build better products.

Add new feedback Subscribe
Status Started
Categories Compass
Created by Guest
Created on Jan 10, 2020

RELATED FEEDBACK

Have option to make "Fill in connection fields individually" view the default upon start up

Currently, MongoDB Compass defaults to showing the "Paste connection string" view upon startup. The full connection string is shown, meaning that if you have any saved favorites, the username and password will be immediately visible upon the screen. This seems like a security risk, especially for use in public settings. Additionally, if your saved favorite includes SSH tunneling settings, these settings will not be applied if you try to connect to the database from the "Paste connection string" view, leading to connection failure. You must switch to the "Fill in connection fields individually" view before hitting Connect for the SSH tunnel to be created. Both of these problems could be alleviated by providing an option to make the "Fill in connection fields individually" view the default, as this latter view masks the password. Thanks, -- Sam
  • Attach files
  • Guest
    Mar 15, 2022
    With Compass 1.31 (currently in beta), we have a solution for all the pain points described in the original suggestion, even though the solution is different from the suggested one: - As we've done since Compass 1.21, the connection string text field keeps keeping the password hidden unless the user explicitly chooses to show it - Favorite connections with SSH tunneling or other settings will be saved correctly and all the options will be used when reusing the connection.
    Reply
  • Guest
    May 4, 2020
    Starting from Compass 1.21, the password for favorites is hidden by default.
    Reply
  • Guest
    Apr 30, 2020
    This is a security concern. If I'm sharing my screen in a meeting and bring up compass, it will accidentally reveal my password. It would be better for compass by default to display the "Fill in connection fields individually" section first and only display "Paste your connection string" when requested.
    Reply
  • Guest
    Feb 21, 2020
    I came this forum exactly because of this issue: the plaintext password visible in the connection string. The fact that this had one vote, and the "dark theme" had like 14, is pretty scary. Are people using this tool in production?
    Reply