Enabling security by default

Every database (other than local development servers, perhaps) should be set up with the following in the mongod.conf file:

auth = true

SSL should always be enabled, as described in Chapter 8, Monitoring, Backup, and Security.

REST and HTTP status interfaces should be disabled by adding the following lines to mongod.conf:

nohttpinterface = true
rest = false

Access should be restricted to communication between the application servers and the MongoDB servers, and only on the interfaces that are required. Using bind_ip, we can force MongoDB to listen on specific interfaces instead of its default behavior of binding to every available interface:

bind_ip = 10.10.0.10,10.10.0.20
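
The following is an added example, not code from the book: a small Python audit that parses a legacy key = value mongod.conf and reports any deviation from the four settings shown in this section. The function names and both sample configurations are constructed for illustration, and the script assumes boolean values are written literally as true or false; SSL settings are not checked.

```python
import ipaddress

# Expected values for the boolean settings shown in this section.
REQUIRED = {"auth": "true", "nohttpinterface": "true", "rest": "false"}


def parse_conf(text):
    """Parse legacy 'key = value' mongod.conf text into a dict (last value wins)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_conf(text)
    findings = []
    for key, expected in REQUIRED.items():
        actual = conf.get(key)
        if actual is None:
            findings.append(f"{key}: not set, expected {expected}")
        elif actual.lower() != expected:
            findings.append(f"{key}: is {actual}, expected {expected}")
    addresses = [a.strip() for a in conf.get("bind_ip", "").split(",") if a.strip()]
    if not addresses:
        findings.append("bind_ip: not set, expected an explicit interface list")
    for addr in addresses:
        try:
            if ipaddress.ip_address(addr).is_unspecified:
                findings.append(f"bind_ip: {addr} matches every interface")
        except ValueError:
            findings.append(f"bind_ip: {addr} is not an IP address, check manually")
    return findings


# Constructed sample inputs (not taken from a real deployment).
HARDENED = "auth = true\nnohttpinterface = true\nrest = false\nbind_ip = 10.10.0.10,10.10.0.20\n"
WEAK = "# auth = true\nrest = true\nbind_ip = 0.0.0.0\n"

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(text) or "OK")
```

A commented-out setting counts as missing, so the weak sample is flagged for auth even though the line is present in the file.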