To protect data, MongoDB provides two security mechanisms: (1) account and password authentication, and (2) IP binding.
First, account and password authentication
This needs little explanation: as in a common relational database, an account and password are used for authentication, and users have permissions, much as a MySQL user can be limited to managing particular tables.
In MongoDB there are two kinds of users: the super administrator user and the database owner.
Switch to the admin database; in the system.users collection we can see all the users in this instance and their roles.
Then, when you start MongoDB, pass --auth to indicate that account and password authentication is required.
You can use db.addUser('userName', 'pwd') to add a user to the current database.
In Java, verify the account and password:
db.authenticateCommand(username, password)
In Python, verify the account and password:
db.authenticate('testadmin', '123')
Second, IP address binding
When you start MongoDB, --bind_ip 192.168.20.21 turns on IP address binding: the DB instance listens only on 192.168.20.21, so it accepts only requests sent to that address.
How does IP binding implement security control?
Suppose our MongoDB is installed on a server that is connected to the extranet and shares a LAN with other servers. This server then has three IP addresses: 127.0.0.1, an intranet IP, and an extranet IP. To ensure security, we bind only to 127.0.0.1 or the intranet IP.
If you use 127.0.0.1, the application that connects to MongoDB must run on the MongoDB server itself. This certainly achieves the security goal.
If an intranet IP is used, the application must connect with MongoClient client = new MongoClient("192.168.20.114", 27017), and the IP must be the intranet IP. A server on the external network then cannot access the MongoDB server, which achieves security.
Summary: to ensure security as far as possible, we generally combine the two approaches, both binding the IP and using account and password authentication.
In addition, the default port for MongoDB is 27017, and it is generally necessary to change this default port to maximize security. How do you change the default port? Just add the --port parameter when you start MongoDB.
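The three recommendations above (--auth, a loopback or intranet --bind_ip, a non-default --port) can be checked mechanically. The following Python script is an added example, not code from the original article; the function names and the two sample command lines are constructed for illustration.

```python
import ipaddress
import shlex

DEFAULT_PORT = 27017  # MongoDB's default port, as stated in the article

def parse_flags(cmdline):
    """Return {flag: value} for '--flag value', '--flag=value' and bare '--flag'."""
    tokens = shlex.split(cmdline)[1:]  # drop the executable name
    flags, i = {}, 0
    while i < len(tokens):
        name, sep, value = tokens[i].lstrip("-").partition("=")
        if not sep and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            value, i = tokens[i + 1], i + 1  # the value is the next token
        flags[name] = value
        i += 1
    return flags

def audit(cmdline):
    """List the article's recommendations that this mongod command line misses."""
    flags, findings = parse_flags(cmdline), []
    if "auth" not in flags:
        findings.append("no --auth: account/password authentication not required")
    if "bind_ip" not in flags:
        findings.append("no --bind_ip: listening address left to the version default")
    for addr in filter(None, flags.get("bind_ip", "").split(",")):
        try:
            ip = ipaddress.ip_address(addr.strip())
        except ValueError:
            findings.append(f"--bind_ip {addr}: not an IP literal, check by hand")
            continue
        # 0.0.0.0 means "all interfaces", so it is flagged explicitly.
        if ip.is_unspecified or not (ip.is_loopback or ip.is_private):
            findings.append(f"--bind_ip {ip}: not limited to loopback or intranet")
    if int(flags.get("port") or DEFAULT_PORT) == DEFAULT_PORT:
        findings.append(f"default port {DEFAULT_PORT} in use")
    return findings

# Constructed sample command lines (not taken from a real host).
WEAK = "mongod --dbpath /data/db --bind_ip 0.0.0.0"
HARDENED = "mongod --dbpath /data/db --auth --bind_ip 127.0.0.1,192.168.20.21 --port 27117"

if __name__ == "__main__":
    for cmd in (WEAK, HARDENED):
        print(cmd)
        for finding in audit(cmd) or ["ok"]:
            print("  -", finding)
```
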