Secure MongoDB Access with Username and Password Authentication
How to Secure MongoDB with Username and Password?
Securing a MongoDB instance with a username and password is essential to protect data from unauthorized access. MongoDB provides built-in authentication, which you can enable to require users to log in with credentials. This is a key security measure, especially when exposing MongoDB instances over a network.
Description:
To secure MongoDB, you can enable authentication, create a database user with a username and password, and configure MongoDB to require these credentials for access. This setup protects the database from unauthorized access by enforcing user-based access control. Once enabled, MongoDB will restrict access to authenticated users, adding an important layer of security.
Steps
- Enable Authentication in MongoDB
Modify the MongoDB configuration file (mongod.conf) to enable authentication. - Create a Database User
Add a user with specific roles and permissions. - Connect to MongoDB with Authentication
Use the created username and password when connecting to MongoDB.
Syntax and Steps:
- Enabling Authentication in mongod.conf
To enable authentication, modify the MongoDB configuration file (mongod.conf):
# Open mongod.conf and enable security with authorization security: authorization: "enabled" # Enables access control
After saving the changes, restart the MongoDB service for the configuration to take effect.
# Restart MongoDB to apply changes sudo systemctl restart mongod
Open the MongoDB shell and connect without authentication. Then, switch to the admin database to create a user with the necessary roles:
// Switch to the admin database use admin // Create a new user with username 'myUser' and password 'myPassword' db.createUser({ user: "myUser", // Set the username pwd: "myPassword", // Set the password roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] // Assign roles })
- userAdminAnyDatabase: This role allows the user to manage other users across all databases.
Once authentication is enabled, connect to MongoDB using the created credentials:
# Connect to MongoDB with username and password mongo -u myUser -p myPassword --authenticationDatabase admin
Explanation:
- Enable Authentication
By setting authorization: "enabled" in mongod.conf, MongoDB requires users to log in with valid credentials, enforcing access control. - Create a User
In the admin database, db.createUser is used to create a user with a specified role. The userAdminAnyDatabase role grants the user permission to manage other users and databases. - Connect with Credentials
Use -u and -p to specify the username and password when connecting to MongoDB. This ensures only authenticated users can access or modify data.
These steps establish secure access to MongoDB and help prevent unauthorized users from connecting to the database.
It will be nice if you may share this link in any developer community or anywhere else, from where other developers may find this content. Thanks.
https://w3resource.com/mongodb/snippets/how-to-secure-mongodb-with-username-and-password.php
- Weekly Trends and Language Statistics
- Weekly Trends and Language Statistics