Security for mongodb is disabled by default when you install it. How do you enable it so that nobody can access your database?
meda Changed status to publish 16/07/2022
Steps to secure mongo database. I will assume everything is configured and properly working.
- show dbs to list down available databases
- use admin to select admin database so we can create root user first.
-
db.createUser({ user: 'adminusername', pwd: passwordPrompt() || "plainPassword" i.e use passwordPrompt() if mongodb version is >= 4.2 roles: [{role: "userAdminAnyDatabase", db: "admin"}, "readWriteAnyDatabase"] })i.e if everything is fine, you will be prompted to enter a password.
- After this configuration go ahead and enable authentication on mongodb conf file. if you are using ubuntu go ahead and edit /etc/mongod.conf (i.e if in windows mongo/4.4/bin/mongod.cfg) uncomment security section Then add the authorization parameter and set it to enabled. . . .
security:
authorization: enabled
. . . then save and exit from the editor - sudo systemctl restart mongodb restart your mongodb service so that the changes take effect. i.e if you are on windows go to services.msc and restart mongodb service.
the_reactor Edited answer 18/02/2022