
Security in MongoDB: 10 Ways to Compromise Your Database


Getting your fancy new MongoDB database up and running won't do you much good if you have major outages or lose all your data. That's why it's important to pay attention to security, so from MongoDB's Andreas Nilsson comes a look at 10 common mistakes that can compromise MongoDB security, in order of severity and frequency:

  1. Directly exposing MongoDB to the internet
  2. No access control
  3. No SSL
  4. Exposed interfaces
  5. Bad user account config
  6. Insecure OS privileges
  7. Insecure replica set keyfile config
  8. Bad SSL config
  9. Unprotected backups
  10. General ignorance

For every point, Nilsson includes a description and a solution to help you keep your data secure. Some are fairly obvious - you don't want to just provide unlimited internet access to your MongoDB servers, for example - while others, such as SSL configuration, may require a bit more thought.
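As an added illustration (not code from Nilsson's article or from MongoDB), the sketch below audits a `mongod.conf` that has already been parsed into a dict, checking items 1-4 and 7 of the list. The sample configs, addresses and keyfile path are constructed, and the bind-address check is only a proxy for internet exposure because it cannot see firewall rules.

```python
import ipaddress

def get(cfg, dotted, default=None):
    """Look up a dotted mongod.conf key such as 'net.tls.mode' in a nested dict."""
    for key in dotted.split("."):
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg

def is_wildcard(addr):
    try:
        return ipaddress.ip_address(addr.strip()).is_unspecified  # 0.0.0.0 or ::
    except ValueError:
        return False  # hostname, socket path or empty string

def audit(cfg, keyfile_mode=None):
    """Return the item numbers from the list above that this config trips.

    keyfile_mode is the keyfile's permission bits (e.g. from os.stat), passed
    in by the caller so the check runs without touching the filesystem.
    """
    hits = set()
    bind = str(get(cfg, "net.bindIp", ""))
    if get(cfg, "net.bindIpAll", False) or any(is_wildcard(a) for a in bind.split(",")):
        hits.add(1)  # listening on every interface
    key_file = get(cfg, "security.keyFile")
    # Setting a keyFile turns on authorization implicitly.
    if get(cfg, "security.authorization") != "enabled" and not key_file:
        hits.add(2)  # no access control
    mode = get(cfg, "net.tls.mode") or get(cfg, "net.ssl.mode")
    if mode not in ("requireTLS", "requireSSL"):
        hits.add(3)  # plaintext connections still accepted
    if get(cfg, "net.http.enabled") or get(cfg, "net.http.RESTInterfaceEnabled"):
        hits.add(4)  # legacy HTTP/REST interface (options of pre-3.6 servers)
    if key_file and keyfile_mode is not None and keyfile_mode & 0o077:
        hits.add(7)  # keyfile readable by group or others
    return sorted(hits)

# Constructed sample configs, as a YAML loader would return them.
WEAK = {"net": {"bindIp": "127.0.0.1,0.0.0.0", "http": {"enabled": True}}}
HARDENED = {
    "net": {"bindIp": "127.0.0.1,10.0.0.5", "tls": {"mode": "requireTLS"}},
    "security": {"authorization": "enabled", "keyFile": "/etc/mongod/keyfile"},
}

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED, keyfile_mode=0o600))
```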

Also, Nilsson published another piece on MongoDB security before this one, and there is still a third part to come. Head over to Nilsson's full article on MongoDB's blog for all the details.
