Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Security in MongoDB: 10 Ways to Compromise Your Database

DZone's Guide to

Security in MongoDB: 10 Ways to Compromise Your Database

· Java Zone ·
Free Resource

What every Java engineer should know about microservices: Reactive Microservices Architecture.  Brought to you in partnership with Lightbend.

Getting your fancy new MongoDB database up and running won't do you much good if you have major outages or lose all your data. That's why it's important to pay attention to security, so from MongoDB's Andreas Nilsson comes a look at 10 common mistakes that can compromise MongoDB security, in order of severity and frequency:

  1. Directly exposing MongoDB to the internet
  2. No access control
  3. No SSL
  4. Exposed interfaces
  5. Bad user account config
  6. Insecure OS privileges
  7. Insecure replica set keyfile config
  8. Bad SSL config
  9. Unprotected backups
  10. General ignorance

For every point, Nilsson includes a description and a solution to help you keep your data secure. Some are fairly obvious - you don't want to just provide unlimited internet access to your MongoDB servers, for example - while others, such as SSL configuration, may require a bit more thought.

Also, Nilsson published another piece on MongoDB security before this one, and there is still a third part to come. Head over to Nilsson's full article on MongoDB's blog for all the details.


Microservices for Java, explained. Revitalize your legacy systems (and your career) with Reactive Microservices Architecture, a free O'Reilly book. Brought to you in partnership with Lightbend.

Topics:

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}