许多“收到错误的随机数或未调用 getnonce”在蒙戈日志中
大家好,
现在我使用 mongo 作为我的数据库。我发现我的 mongo 连接有时会自动重置或失败。然后我在我的 mongo 日志文件中发现了一些奇怪的消息,这是
auth: bad nonce received or getnonce not called. could be a driver bug or a security attack. db:User
我用 google 搜索了它,但似乎很少有用户遇到这个问题,我只在 github 中找到了源代码,链接为 https:// github.com/mongodb/mongo/blob/master/db/security_commands.cpp。从代码来看,客户端发送user_name, use_password, nonce到服务器进行认证,日志信息是由于客户端发送的nonce与服务器分发的nonce不一样导致的。
我的 mongo 驱动程序有什么问题吗?有人遇到过这个问题吗?
Hi all,
Now I use mongo as my database. I found my mongo connection is auto-reset or failed sometimes. Then I found some strange message in my mongo log file, which is
auth: bad nonce received or getnonce not called. could be a driver bug or a security attack. db:User
I googled it, but it seemed few users had encounted this problem, and I only found the source code in github with link https://github.com/mongodb/mongo/blob/master/db/security_commands.cpp. From the code, the client sends user_name, use_password, nonce to the server for the authentication, the log message is caused by the difference between the nonce sent by the client and distributed by the server.
Is there anything wrong with my mongo driver? Anybody has encountered this problem?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当我使用 mongodb-2.0.2 和 java-driver2.7.3 时,我也遇到了这个错误。
它是一个用于开发的单个 mongodb 服务器,并且打开了
--auth选项。我知道这是由多线程中的身份验证引起的:
从服务器端,在完成一个身份验证请求之前,另一个线程发送了一个新请求,这导致第一个请求被覆盖。
在该方法中添加
synchronized后,就再也没有出现过。I ran into this error as well, when I was using mongodb-2.0.2 and java-driver2.7.3.
It's a single mongodb server for development with
--authoption opened.I understand it's caused by authentication in multi-threading:
From the server side, before one auth request is accomplished, another thread sent a new request, which causes the first one to be overriden.
After adding
synchronizedto this method, it never appeared again.