Skip to content

MLE-30265 add warning for BASIC auth without SSL#1093

Open
rjdew-progress wants to merge 1 commit into
developfrom
MLE-30265
Open

MLE-30265 add warning for BASIC auth without SSL#1093
rjdew-progress wants to merge 1 commit into
developfrom
MLE-30265

Conversation

@rjdew-progress

Copy link
Copy Markdown

Warn users that the NodeJS will transmit MarkLogic credentials in cleartext over the network if authentication type BASIC is used without SSL/TLS.

Copilot AI review requested due to automatic review settings July 7, 2026 05:44

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a runtime warning to help users avoid unintentionally sending MarkLogic BASIC-auth credentials over cleartext connections (no SSL/TLS).

Changes:

  • Updates the copyright header year.
  • Emits a warning during client initialization when authType is BASIC and ssl is not enabled.

Comment thread lib/marklogic.js
Comment on lines +742 to +744
if (authType === 'BASIC' && !isSSL) {
console.warn('Authentication type is BASIC and SSL is not enabled. This may expose credentials.');
}
Comment thread lib/marklogic.js
Comment on lines +742 to +744
if (authType === 'BASIC' && !isSSL) {
console.warn('Authentication type is BASIC and SSL is not enabled. This may expose credentials.');
}
@jonmille jonmille self-requested a review July 7, 2026 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants