
Security in MongoDB: 10 Ways to Compromise Your Database


Getting your fancy new MongoDB database up and running won't do you much good if you have major outages or lose all your data. That's why it's important to pay attention to security. MongoDB's Andreas Nilsson looks at 10 common mistakes that can compromise MongoDB security, in order of severity and frequency:

  1. Directly exposing MongoDB to the internet
  2. No access control
  3. No SSL
  4. Exposed interfaces
  5. Bad user account config
  6. Insecure OS privileges
  7. Insecure replica set keyfile config
  8. Bad SSL config
  9. Unprotected backups
  10. General ignorance

For every point, Nilsson includes a description and a solution to help you keep your data secure. Some are fairly obvious - you don't want to just provide unlimited internet access to your MongoDB servers, for example - while others, such as SSL configuration, may require a bit more thought.

Also, Nilsson published another piece on MongoDB security before this one, and there is still a third part to come. Head over to Nilsson's full article on MongoDB's blog for all the details.
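As an added illustration (not taken from Nilsson's article), list items 1 to 4 and 7 can be checked mechanically against a `mongod.conf`. The sample config, the function names and the finding strings are constructed here, and the parser handles only simple nested `key: value` YAML.

```python
import stat

# Constructed sample mongod.conf; only nested "key: value" YAML is handled.
SAMPLE_CONF = """\
net:
  bindIp: 0.0.0.0
  http:
    enabled: true   # option exists only in older MongoDB releases
  ssl:
    mode: allowSSL
security:
  authorization: disabled
"""

def flatten(text):
    """Flatten nested YAML into dotted keys, e.g. {'net.bindIp': '0.0.0.0'}."""
    out, stack = {}, []  # stack: (indent, key) of the currently open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, val = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if val.strip():
            out[".".join([k for _, k in stack] + [key])] = val.strip()
        else:
            stack.append((indent, key))
    return out

def audit(text, keyfile_mode=None):
    """Return findings, numbered after the list items; keyfile_mode is st_mode."""
    c, found = flatten(text), []
    binds = [a.strip() for a in c.get("net.bindIp", "").split(",")]
    if c.get("net.bindIpAll") == "true" or {"0.0.0.0", "::"} & set(binds):
        found.append("1: listens on all interfaces")
    # Setting a keyFile also turns on authorization.
    if c.get("security.authorization") != "enabled" and "security.keyFile" not in c:
        found.append("2: access control not enabled")
    if (c.get("net.tls.mode") or c.get("net.ssl.mode")) not in ("requireTLS", "requireSSL"):
        found.append("3: TLS/SSL not required")
    if c.get("net.http.enabled") == "true":
        found.append("4: HTTP interface enabled")
    if keyfile_mode is not None and keyfile_mode & (stat.S_IRWXG | stat.S_IRWXO):
        found.append("7: keyfile accessible to group or others")
    return found

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, keyfile_mode=0o100644))
```

For a real deployment, pass `os.stat(path).st_mode` of the replica set keyfile as `keyfile_mode`.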
