Enabling access authentication in MongoDB

Source: Internet
Author: User

MongoDB has been used in production for some time, but access permissions were never enabled on the MongoDB data store (MongoDB defaults to no access restrictions). I recently saw a technical article on CoolShell (https://coolshell.cn/?s = from +mongodb+ "Ransom event" + See Security issue &from=timeline&isappinstalled=0) describing how MongoDB instances without permission authentication enabled had their data stolen by hackers and held for Bitcoin ransom. With data security in mind, I took a little time to study this. The version I now use is MongoDB 3.4.2, verified on a Linux system; the procedure on Win8 is similar.

Permissions are managed in much the same way as in other databases.
The difference is that MongoDB users are associated with a specific database: each database needs its own corresponding user, so even the super administrator cannot operate on other databases.
MongoDB stores all user information in the system.users collection of the admin database, which holds the user name, password, and database information.
MongoDB does not enable authentication by default: anyone who can connect to the server can connect to mongod. To enable security authentication, you need to change the startup configuration to use the --auth parameter.

Below are the steps to turn on permission authentication.

One, create users in non-authorized mode

1. First, log in in non-authorized mode (that is, without the --auth parameter) to create a system administrator user

2. Enter the installation bin directory of MongoDB

3. Client Login

4. Switch to the admin database

5. Create user for Admin database

6. View Users

Use the db.system.users.find() command to view the user we just created.

Finally, kill the MongoDB process and restart it in authorization mode.

Two, start in authorization mode

1. Start with the --auth parameter added

2. Log in and switch to the admin database

3. View the databases again; you will find that you have no permission

At this point, authenticate using db.auth('Hehaitao', 'Hehaitao')

You will see that the value returned is 1, which means that it was successful, and then we use the command to view the databases again

Discovery can be used to view the
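As an added example (not part of the original article): a small Python check that flags mongod processes started without authentication, looking for the --auth parameter described above or its configuration-file equivalents (security.authorization: enabled in YAML, auth = true in the legacy format). The process lines, file paths and function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample: mongod command lines as they might appear in `ps` output.
SAMPLE_PS = """\
/usr/local/mongodb/bin/mongod --dbpath /data/db --port 27017 --fork --logpath /var/log/mongod.log
/usr/local/mongodb/bin/mongod --dbpath /data/db2 --port 27018 --auth
/usr/local/mongodb/bin/mongod --config /etc/mongod-a.conf
/usr/local/mongodb/bin/mongod -f /etc/mongod-b.conf
"""
# Constructed sample config files keyed by path: one YAML, one legacy key=value.
SAMPLE_CONFIGS = {
    "/etc/mongod-a.conf": "net:\n  port: 27019\nsecurity:\n  authorization: enabled\n",
    "/etc/mongod-b.conf": "port = 27020\n# auth = true\n",
}

def config_enables_auth(text):
    """Return True if a mongod config file turns authentication on."""
    in_security = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if re.fullmatch(r"\s*auth\s*=\s*true", line, re.I):  # legacy format
            return True
        if not line[0].isspace():  # a top-level YAML key starts a new block
            in_security = line == "security:"
        elif in_security and re.fullmatch(r"\s+authorization:\s*[\"']?enabled[\"']?", line):
            return True
    return False

def unauthenticated_mongods(ps_text, configs):
    """Return the mongod command lines that run without authentication."""
    findings = []
    for cmd in ps_text.splitlines():
        argv = shlex.split(cmd)
        if not argv or not argv[0].endswith("mongod"):
            continue
        paths = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a in ("--config", "-f")]
        paths += [a.split("=", 1)[1] for a in argv if a.startswith("--config=")]
        if "--auth" in argv or any(config_enables_auth(configs.get(p, "")) for p in paths):
            continue
        findings.append(cmd)  # a config file that cannot be read is also flagged
    return findings

if __name__ == "__main__":
    for cmd in unauthenticated_mongods(SAMPLE_PS, SAMPLE_CONFIGS):
        print("NO AUTH:", cmd)
```

On a real host, feed it the output of the process listing and the contents of each referenced config file in place of the constructed samples.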

Reference article:

See security issues from MongoDB "ransom event" MongoDB Authority authentication
