Learn Securing MongoDB

May 19, 2019


    MongoDB is not secure by default. If you install MongoDB and launch it without configuring authentication, you are going to have a bad time. Anyone who can reach the server can read, write, destroy, or alter data without ever needing to log in or authenticate in any way. Securing the database is not hard to do and can be done in a few steps.

    First, start up your Mongo client. On Linux it is the command mongo. Enter the following block, replacing the placeholder values with your own information.

    // Creates the user in the database currently selected in the shell.
    db.createUser({
      user: "USERNAME",     // login name for the new account
      pwd: "PASSWORD",      // use a long, unique password
      roles: [
        {
          role: "readWrite",  // read and write only; no admin privileges
          db: "YOUR_DATABASE" // the database this role applies to
        }
      ]
    });


    After you’re done, quit the mongo client and edit your MongoDB configuration file. Depending on your OS and distro, you will find it in one of these places.

    /etc/mongodb.conf
    /etc/mongod.conf
    

    Find the commented-out line #security: and change it to the following.

    security:
      authorization: enabled
    

    You should also change the bind address to localhost (127.0.0.1), or bind it to a private IP that is not exposed to the internet. Exposing your database to the internet is just a bad idea in general. This is what you should change.

    # network interfaces
    net:
      port: 27017
      bindIp: 127.0.0.1   # or a private IP that is not reachable from the internet


    Mind your spaces! The file is YAML: indent with two spaces, never tabs. Afterwards restart your MongoDB database. On Linux it will be one of the following commands, depending on your distro of choice.

    systemctl restart mongod
    systemctl restart mongodb
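
Before restarting, it is worth checking that the file actually says what the steps above intend. The script below is an added example, not part of the original post or of MongoDB itself: it parses the small YAML subset mongod.conf uses and flags authorization left disabled, a bindIp that is unspecified, public, or not a valid address, and tab indentation. The two sample configs are constructed, and a missing bindIp is assumed to mean the localhost default of MongoDB 3.6 and later.

```python
import ipaddress
# Constructed sample configs (not from the post): a default-style file with
# security still commented out, and the hardened file the steps above produce.
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
#security:
"""
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

def parse_mongod_conf(text):
    """Minimal parser for the two-level YAML subset mongod.conf uses: {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments, so "#security:" vanishes
        if not line.strip():
            continue
        if not line[0].isspace():               # top-level "section:"
            current = line.rstrip(":").strip()
            sections.setdefault(current, {})
        elif current is not None and ":" in line:
            key, value = line.strip().split(":", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def audit_mongod_conf(text):
    """Return a list of findings; an empty list means the authorization and bindIp checks pass."""
    conf, findings = parse_mongod_conf(text), []
    if "\t" in text:
        findings.append("tab indentation found: YAML needs spaces, mongod will reject the file")
    if conf.get("security", {}).get("authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': no login is needed to read or write")
    # Assumption: a missing bindIp means the localhost default of MongoDB 3.6 and later.
    for addr in conf.get("net", {}).get("bindIp", "localhost").split(","):
        addr = addr.strip()
        try:
            ip = ipaddress.ip_address("127.0.0.1" if addr == "localhost" else addr)
        except ValueError:
            findings.append(f"net.bindIp {addr!r} is not a valid IP address; mongod will not start")
            continue
        if ip.is_unspecified or not (ip.is_loopback or ip.is_private):
            findings.append(f"net.bindIp {ip} exposes the database beyond localhost or a private network")
    return findings
```

Run it on your real /etc/mongod.conf by passing the file contents to audit_mongod_conf; the restart is only worth doing once it returns an empty list.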
    

    Need help?

    Do you need help setting this up on your own service?
    Please contact us and we’ll provide you the best possible quote!