[Maas-devel] MongoDB Security
John Arbash Meinel
john.meinel at canonical.com
Tue Sep 11 10:29:43 UTC 2012
The security model of MongoDB is pretty easy to sort out.
http://www.mongodb.org/display/DOCS/Security+and+Authentication

1) By default, there is no security [like in Memcache]. So anyone can
connect to your port, and do whatever they want with any database.
You are expected to only run the daemon in a trusted
environment.
At least 'apt-get install mongodb' only listens on 127.0.0.1.

2) You can teach mongodb to start as 'mongodb --auth', which sets up
user/password or keyfile authentication. You then get:
  a) For each named db, a user has either None, readonly, or full access.
  b) The 'admin' superuser has full access to everything.

There are a lot of details on the above page when you get into sharding,
replication and all that. But I think the above is pretty much it.

Also, I think to *set up* users, you have to start in no-auth mode, set
it up, and then restart with auth mode.

John
=:->
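
An added example, not part of the original message: a small audit of a legacy "key = value" mongodb.conf that separates the three situations the message describes (auth enabled, no auth but loopback only, no auth and reachable from other hosts). The sample configs are constructed, and the function names and result labels are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample configs in the legacy "key = value" mongodb.conf format.
PACKAGED_DEFAULT = """\
# constructed: loopback only, auth commented out
dbpath = /var/lib/mongodb
bind_ip = 127.0.0.1
#auth = true
"""
EXPOSED_NO_AUTH = """\
bind_ip = 127.0.0.1,10.0.0.5
noauth = true
"""
EXPOSED_WITH_AUTH = """\
bind_ip = 0.0.0.0
auth = true
"""

def parse_conf(text):
    """Return a dict of the uncommented key = value settings."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostnames are not resolved here; treat as reachable

def audit(text):
    """Classify a config: 'ok', 'local-only-no-auth' or 'exposed-no-auth'."""
    conf = parse_conf(text)
    # Assumption: auth = true or a configured keyFile turns authentication on.
    auth_on = conf.get("auth", "").lower() == "true" or "keyFile" in conf
    # Assumption: with no bind_ip line the daemon listens on all interfaces.
    addrs = [a.strip() for a in conf.get("bind_ip", "0.0.0.0").split(",")]
    if auth_on:
        return "ok"
    if all(is_loopback(a) for a in addrs):
        return "local-only-no-auth"
    return "exposed-no-auth"

if __name__ == "__main__":
    for sample in (PACKAGED_DEFAULT, EXPOSED_NO_AUTH, EXPOSED_WITH_AUTH):
        print(audit(sample))
```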