I want to create a database in MongoDB that's secure.
Secure means the application has to pass a username/password to connect to my database in MongoDB.
Secure from the start: with MongoDB Atlas, your data is protected with preconfigured security features for authentication, authorization, encryption, and more.
TLS/SSL encryption: network encryption is available with MongoDB, which lets you protect your database and its communications with an industry-standard encryption method. TLS/SSL connections also support x.509 certificates, which clients can use to authenticate themselves to the server.
Luckily it was just test data, nothing serious. But it taught me a lesson: even if we are just spinning up a simple test MongoDB, we must set up authentication. Hacking is real and hackers can target anyone. Stay alert and think about securing your DB.
From Mongo Java Tutorial
MongoDB can be run in a secure mode where access to databases is controlled through name and password authentication. When run in this mode, any client application must provide a name and password before performing any operations. In the legacy Java driver you simply call the following on the DB object obtained from the connected Mongo instance:
// legacy 2.x Java driver API; removed in the 3.x driver in favour of MongoCredential passed to MongoClient
boolean auth = db.authenticate(myUserName, myPassword);
If the name and password are valid for the database, auth will be true; otherwise it will be false. Check the MongoDB server log for further details if authentication fails.
The old tutorial noted that most users ran MongoDB without authentication in a trusted environment. As the incident above shows, that is not a safe default any more: enable authentication even on test instances.
Configuring Authentication and Security
In this legacy (pre-2.6) model, user credentials are stored in each database's system.users collection. For example, on a database projectx, projectx.system.users contains that database's user information. (Current releases store all users in admin.system.users and create them with db.createUser(); the db.addUser() helper used below was deprecated in 2.6 and removed in 3.0.)
We should first configure an administrator user for the entire db server process. This user is stored under the special admin database.
If no users are configured in admin.system.users, one may access the database from the localhost interface without authenticating (the "localhost exception"). So, from the server running the database (and therefore on localhost), run the database shell and configure an administrative user:
$ ./mongo
> use admin
> db.addUser("theadmin", "anadminpassword")
We now have a user created for database admin. Note that if we have not previously authenticated, we must now do so before performing further operations, since there is now a user in admin.system.users.
> db.auth("theadmin", "anadminpassword")
We can view existing users for the database with the command:
> db.system.users.find()
Now, let's configure a "regular" user for another database.
> use projectx
> db.addUser("joe", "passwordForJoe")
Finally, let's add a readonly user. (only supported in 1.3.2+)
> use projectx
> db.addUser("guest", "passwordForGuest", true)
Putting it together on a fresh instance: create an admin user and a user for a new database newdb, then turn authentication on.
> use admin
> db.addUser("admin", "xyzxyz")
> use newdb
> db.addUser("newuser", "strongpwd")
Next, stop mongod. If MongoDB was installed from a package (for example the ppa), it runs as a service:
sudo service mongodb stop
If it was installed from source, stop the process using the init script:
/etc/init.d/mongodb stop
Then enable authentication in the config file:
vim /etc/mongodb.conf
auth = true
and start mongod again, either as the service:
sudo service mongodb restart
or, for a source install, directly:
mongod --config /etc/mongodb.conf
Now an unauthenticated query against newdb, for example
> use newdb
> show collections
should give the error
"$err" : "not authorized for query on newdb.system.namespaces",
"code" : 16550
and should work after
> db.auth("newuser", "strongpwd")
The database newdb now requires authentication. (On MongoDB 2.6 and later the config file is YAML and the equivalent setting is security.authorization: enabled; auth = true is the legacy ini-style form shown here.)
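The procedure above relies on the legacy addUser() helper and the ini-style auth = true setting. As an added example (not code from the original tutorial or answer), here is the same three-user setup expressed with the role-based createUser() API of current MongoDB releases, together with a small check that a mongod config file actually turns authorization on in either the legacy auth = true form or the YAML security.authorization form. The user names and passwords are placeholders carried over from the text, the config samples are constructed here, and the role choices (userAdminAnyDatabase for the admin, readWrite and read for the application users) are a least-privilege assumption rather than an exact copy of the old all-powerful admin. The user-creation part runs only when the file is loaded in mongosh (where db exists); under Node only the config check runs.

```javascript
// Added example, not part of the original page. Role-based equivalents of the
// three legacy users, plus a config check for whether auth is enabled.

// Admin that manages users but does not get read/write on application data.
function adminUserSpec(user, pwd) {
  return { user, pwd, roles: [{ role: "userAdminAnyDatabase", db: "admin" }] };
}

// Application user scoped to one database; readOnly maps the legacy
// addUser(name, pwd, true) flag onto the built-in "read" role.
function appUserSpec(user, pwd, dbName, readOnly = false) {
  return { user, pwd, roles: [{ role: readOnly ? "read" : "readWrite", db: dbName }] };
}

// Report whether a mongod config requires authentication. Handles the legacy
// ini style ("auth = true") and block-style YAML ("security:\n  authorization: enabled").
// Inline YAML maps such as "security: {authorization: enabled}" are not handled.
function authEnabled(configText) {
  let inSecurity = false;
  for (const raw of configText.split("\n")) {
    const line = raw.replace(/#.*$/, "").trimEnd(); // drop comments
    if (!line.trim()) continue;
    const legacy = /^auth\s*=\s*(\w+)/.exec(line);
    if (legacy) return legacy[1].toLowerCase() === "true";
    if (/^security:\s*$/.test(line)) { inSecurity = true; continue; }
    if (inSecurity) {
      if (!/^\s/.test(line)) { inSecurity = false; continue; } // left the security block
      const yaml = /^\s+authorization:\s*"?(\w+)"?/.exec(line);
      if (yaml) return yaml[1].toLowerCase() === "enabled";
    }
  }
  return false; // mongod's default: no authorization
}

// Constructed sample configs (not copied from any real host).
const LEGACY_CONF_OFF = "dbpath = /var/lib/mongodb\n#auth = true\n";
const LEGACY_CONF_ON  = "dbpath = /var/lib/mongodb\nauth = true\n";
const YAML_CONF_ON  = "storage:\n  dbPath: /var/lib/mongodb\nsecurity:\n  authorization: enabled\n";
const YAML_CONF_OFF = "storage:\n  dbPath: /var/lib/mongodb\nsecurity:\n  authorization: disabled\n";

// When pasted into mongosh, create the users on a server whose config passes the check.
if (typeof db !== "undefined") {
  db.getSiblingDB("admin").createUser(adminUserSpec("theadmin", "anadminpassword"));
  db.getSiblingDB("projectx").createUser(appUserSpec("joe", "passwordForJoe", "projectx"));
  db.getSiblingDB("projectx").createUser(appUserSpec("guest", "passwordForGuest", "projectx", true));
}
```

Run authEnabled() over the real /etc/mongodb.conf (or /etc/mongod.conf) before restarting the service: a commented-out `#auth = true`, as in LEGACY_CONF_OFF, still leaves the server open.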