Skip to content

MLE-30265 add warning for BASIC auth without SSL#1093

Merged
rjdew-progress merged 1 commit into
developfrom
MLE-30265
Jul 8, 2026
Merged

MLE-30265 add warning for BASIC auth without SSL#1093
rjdew-progress merged 1 commit into
developfrom
MLE-30265

Conversation

@rjdew-progress

Copy link
Copy Markdown

Warn users that the NodeJS will transmit MarkLogic credentials in cleartext over the network if authentication type BASIC is used without SSL/TLS.

Copilot AI review requested due to automatic review settings July 7, 2026 05:44

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a runtime warning to help users avoid unintentionally sending MarkLogic BASIC-auth credentials over cleartext connections (no SSL/TLS).

Changes:

  • Updates the copyright header year.
  • Emits a warning during client initialization when authType is BASIC and ssl is not enabled.

Comment thread lib/marklogic.js
Comment on lines +742 to +744
if (authType === 'BASIC' && !isSSL) {
console.warn('Authentication type is BASIC and SSL is not enabled. This may expose credentials.');
}
Comment thread lib/marklogic.js
Comment on lines +742 to +744
if (authType === 'BASIC' && !isSSL) {
console.warn('Authentication type is BASIC and SSL is not enabled. This may expose credentials.');
}
@jonmille jonmille self-requested a review July 7, 2026 15:36
@rjdew-progress rjdew-progress merged commit a7a86f3 into develop Jul 8, 2026
5 checks passed
@rjdew-progress rjdew-progress deleted the MLE-30265 branch July 8, 2026 18:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants