Simple ways to secure MongoDB


MongoDB does not come with security by default. As opposed to traditional SQL databases, MongoDB typically stores a lot more data. MongoDB databases are accessible over the internet by default without requiring credentials initially. For years MongoDB has been plagued by security shortcomings, much like other NoSQL database systems. Here we are going to discuss the security steps that can be taken to overcome this issue.



VPSie makes it easy to install mongodb in just a few clicks, follow the article to learn more about the process.





During this tutorial, we will demonstrate how to secure the MongoDB server, 


Secure MongoDB




The first step is to launch the Mongo client. Linux users can run Mongo Put in this paragraph, replacing the placeholders with your own data. 






Next creates the user, For example : john in the admin database with the user, Admin, AnyDatabase role:


db.createUser({user:"John",pwd:"MyPassword", roles:[{role:"userorAdminorAnyDatabase",db:"admin"}]})




Sample Output

  user: "John", 
  pwd: "MyPASSWORD", 
  roles: [
      role: "userorAdminorAnyDatabase",
      db: "admin"


You can now exit the mongo client and edit your MongoDB configuration file. In the following commands, you will find it depending on your operating system and distribution.




Please change the line, “security” : to the following:


  authorization: enabled


We recommend setting the bind port to localhost ( or to a private IP address that will not be exposed to the internet. 



Basically, you shouldn’t publish your database on the internet.

# network interfaces
  port: 27017


Restart your MongoDB database. Your Linux distro will determine which command you should run. 


systemctl restart mongod
systemctl restart mongodb


That’s it!







we hope that this article has provided you with more information.





Get the most out of learning with VPSie.com