All geek questions in one place

Is it good to use mongoDB without a password?

I plan to install mongodb and a windows service that connects to it on the same computer. This machine will be in an isolated network.

When we do it like that. Can I connect a local mongodb password?

My planned properties will be like this ...

private MongoDatabase _db; public MongoDatabase DB { get { if (_db == null) { var mongoServer = MongoServer.Create(); _db = mongoServer.GetDatabase("myStatistics"); } return _db; } } private MongoCollection _collection; public MongoCollection Collection { get { return _collection ?? (_collection = DB.GetCollection("myStats")); } }
+4
source share
4 answers

There are two options:

  • Invalid password in a secure environment
  • Password protection

It's good to use MongoDB with auth disabled on a trusted network. MongoDb developers recommend working with a database in a reliable environment rather than focusing on auth settings.

+2
source

The same machine, an isolated network. I would say yes. I do the same with the system I'm working on. The only problem is that there are other computers connected to the network that are also connected to the Internet and may be insecure (no antivirus, firewall, etc.).

0
source

For me, the question is what do you get from running it without a password?

Even if you work in a reliable environment, is it really worth using a password? While a trusted environment should not be compromised, nothing is completely secure, and by adding a password you add an extra layer of protection. Therefore, if someone violates your server, they should not automatically access the database.

For the same reason, you must encrypt / hash user passwords when they are stored in the database. If someone violates your server, they do not automatically get access to everything.

This approach is called the depth of defense.

0
source

If your system is isolated, yes, you can do it. but think in perspective of the future picture of your project. You may need restricted users. You may need user roles, and if you do this very possibly, the better it is to start thinking in this direction and start using authentication. It will also add another level of security to your database without spending a lot of money.

0
source

Source: https://habr.com/ru/post/1382243/

More articles:


All Articles