Using secure configuration options

It goes without saying that the same configuration options should be used. Server-side scripting is needed only if we use one of the following:

  • MapReduce
  • The mongo shell group operation or a group operation from our client driver
  • $where JavaScript server evaluation

If we don't, we should disable server-side scripting by using the --noscripting option on the command line when we start our server.

The mongo shell group operation, as mentioned in the previous list, can be a tricky one as many drivers may use MongoDB's group() command when we issue group commands in the driver. However, given the limitations that group() has in terms of performance and output documents, we should rethink our design to use the aggregation framework or application-side aggregations.

The web interface also has to be disabled by not enabling any of the following configuration options:

  • net.http.enabled
  • net.http.JSONPEnabled
  • net.http.RESTInterfaceEnabled

In contrast, wireObjectCheck needs to remain enabled, as it is by default; it ensures that all documents stored by the mongod instance are valid BSON.
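
The settings above can be checked mechanically against a YAML mongod.conf. The following is an added example, not code from the book: the sample configuration is constructed, the function names are hypothetical, and it assumes security.javascriptEnabled: false as the configuration-file form of --noscripting and a deployment that uses none of the server-side JavaScript features listed earlier.

```python
# Audits a YAML mongod.conf for the options discussed in this section.
# Assumption: the file uses only nested "key: value" mappings (no lists).
SAMPLE_CONF = """\
# constructed sample, not taken from a real deployment
net:
  port: 27017
  wireObjectCheck: false
  http:
    enabled: true
    RESTInterfaceEnabled: true
security:
  authorization: enabled
"""

def flatten(text):
    """Return {'net.http.enabled': 'true', ...} from indented mappings."""
    out, stack = {}, []  # stack: (indent, key) of the mappings still open
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value.strip():
            path = ".".join([k for _, k in stack] + [key.strip()])
            out[path] = value.strip().strip("\"'").lower()
        else:
            stack.append((indent, key.strip()))
    return out

# option: (insecure value, value mongod assumes when the key is absent)
CHECKS = {
    "security.javascriptEnabled": ("true", "true"),  # false == --noscripting
    "net.http.enabled": ("true", "false"),
    "net.http.JSONPEnabled": ("true", "false"),
    "net.http.RESTInterfaceEnabled": ("true", "false"),
    "net.wireObjectCheck": ("false", "true"),
}

def audit(text):
    """Return the options whose effective value is the insecure one."""
    conf = flatten(text)
    return sorted(opt for opt, (bad, default) in CHECKS.items()
                  if conf.get(opt, default) == bad)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Because an absent security.javascriptEnabled key falls back to the default of true, the audit reports it until the file sets it to false explicitly.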
