How to discover visible databases in MongoDB
Grant the user app_admin read-write privileges as follows:
db.createUser({"user":"app_admin", "pwd":"itnihao", "roles": [{"role": "readWrite", "db":"app1"},{"role": "readWrite", "db":"app2"},{"role": "readWrite", "db":"app3"}]})
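The question is: how can the user app_admin discover the visible databases app1, app2 and app3 without the listDatabases privilege?
I found that the MongoDB GUI tools Studio 3T and MongoDB Compass can do this.
After running tcpdump on Studio 3T, I found that usersInfo can do this: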
> db.runCommand({"usersInfo": {"user": "app_admin", "db": "admin"}})
{
  "users" : [
    {
      "_id" : "admin.app_admin",
      "user" : "app_admin",
      "db" : "admin",
      "roles" : [
        {
          "role" : "readWrite",
          "db" : "app4"
        },
        {
          "role" : "readWrite",
          "db" : "app1"
        },
        {
          "role" : "readWrite",
          "db" : "app2"
        },
        {
          "role" : "readWrite",
          "db" : "app3"
        }
      ]
    }
  ],
  "ok" : 1
}
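The same lookup as a reusable check, added here as an example that is not part of the original post: the hypothetical helper visibleDatabases() collects database names from a usersInfo reply and also reads inheritedRoles and inheritedPrivileges, which the server returns when the command is run with showPrivileges: true. The sample reply is constructed from the output above.

```javascript
// Added example: derive the databases a user can reach from a usersInfo reply.
// visibleDatabases() is a hypothetical helper name, not a MongoDB API.
// In mongosh the reply would come from:
//   db.getSiblingDB("admin").runCommand(
//     { usersInfo: { user: "app_admin", db: "admin" }, showPrivileges: true })
function visibleDatabases(reply) {
  if (!reply || reply.ok !== 1 || !Array.isArray(reply.users)) {
    throw new Error("usersInfo failed or returned no users array");
  }
  const dbs = new Set();
  let anyDatabase = false;
  for (const user of reply.users) {
    // Directly granted roles, plus inherited ones when showPrivileges was set.
    const roles = [...(user.roles || []), ...(user.inheritedRoles || [])];
    for (const role of roles) {
      dbs.add(role.db);
    }
    for (const priv of user.inheritedPrivileges || []) {
      const res = priv.resource || {};
      if (res.anyResource === true || res.db === "") {
        // An empty db string in a privilege resource matches every database,
        // so the role list alone would under-report what the user can see.
        anyDatabase = true;
      } else if (typeof res.db === "string") {
        dbs.add(res.db);
      }
      // { cluster: true } resources carry no database name and are skipped.
    }
  }
  return { databases: [...dbs].sort(), anyDatabase };
}

// Constructed sample: the reply shown above, reduced to the fields used here.
const sampleReply = {
  users: [{
    _id: "admin.app_admin", user: "app_admin", db: "admin",
    roles: [
      { role: "readWrite", db: "app4" },
      { role: "readWrite", db: "app1" },
      { role: "readWrite", db: "app2" },
      { role: "readWrite", db: "app3" },
    ],
  }],
  ok: 1,
};

console.log(visibleDatabases(sampleReply));
```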