Security concerns when everyone uses the same username...password...clustername

So I created my cluster. Not only that the connection string for the mongodb shell was way shorter for me compared to the one seen in the video, there’s something else I found kinda weird.

So, it says we gonna use the username m001-student, that one mentioned password in Lab 2.0, same cluster name “sandbox”, how does the shell know once I login it’s mine and not anyone else’s cluster/sandbox who has entered the same credentials on the same free tier server?

The url does not even have any cryptic “fingerprints” to identify me, at least I don’t see anything.

Here is my connection shell command: mongo “mongodb+srv://sandbox-?.mongodb.net/test” --username m001-student

There was something else where the question mark is, could it be that’s the spot where that “fingerprint” is?

Hi @Ercan_54477,

The connection string for mongo shell version 3.4 or earlier contains the address of all the nodes in the replica set, port numbers and the name of the replica set.

However, for the mongo shell version 3.6 or later we use srv records, which makes the connection string shorter.

13%20PM1254×1238 96 KB

You can go to your atlas account and get the connection string for mongo shell version 3.4 or earlier.

Yes, it’s a 5 digit long string which uniquely identifies your cluster. Hence, the username and the cluster name can be same for more than one people.

Hope it helps!

If you have any other questions please feel free to get back to us.

Thanks,
Shubham Ranjan
Curriculum Support Engineer

Thank you so much for the information. Now things make sense to me.

Hi @Ercan_54477,

I’m glad your doubts are clear now. If you have any other query then please feel free to get back to us.

Happy Learning

Thanks,
Shubham Ranjan
Curriculum Support Engineer