In the previous summary, hiding the password in the process list is hidden by doing the processing in the main function.
As follows:
1 int_main (intargcChar* argv[],Char**envp) {2 3 omit some of the middle code content4 5 //hide password from PS output6 7 for(inti =0; I < (ARGC-1); ++i) {8 9 if(!STRCMP (Argv[i),"- P") || !STRCMP (Argv[i],"--password")) {Ten One Char* arg = argv[i +1]; A - while(*Arg) { - the*arg++ ='x'; - - } - + } - +}
But the code above doesn't always work. Why? Because the main function goes in, MONGO does not immediately hide the password in the process list, but first does some initialization, which is the part of the code that I omitted above.
Because the middle omitted part of the code also takes a certain amount of time, so in the more extreme scenarios, while large concurrent execution MONGO ip/db-u account-p password jsfile, it is possible to be monitored by the process Monitoring program with plaintext password MONGO process.
How to solve this time?
MONGO accept the server-side JS script, also can perform login operations, put the login operation into JS, so that you can use the MONGO IP jsfile way to perform server-side JS.
JS content needs to be added:
db = Db.getsiblingdb (' dbname ')var login_ret = Db.auth (' user ', ' password ')if (1 = = Login_ret) { //dosomething} Else { //Print login failed message}
If the account number and password are variable, then you can use the JS script to replace the User,password part of the content, you can work properly.
Summary: The way this article tells you how to hide password key information in the process list is Linux here document.
Finally, it is important to note that if the right curly brace of the MONGO IP Jsfile,else and if statement block is executed directly, the right curly brace of the else and if statement blocks must be on the same line if the Jsfile is passed in through the Linux here document method.
The program of the strange trick starts to hide key information such as passwords in the process List 2