Shulou(Shulou.com)06/01 Report--

Preface

Recently, MongoDB has been used in the production environment for some time, but the data storage of MongoDB has not been used for permission access (MongoDB is set to no permission access restrictions by default). Recently, I read a technical article on Coolshell (https://coolshell.cn/?s= from + MONGODB+ "ransom event" + look at security issues & from=timeline&isappinstalled=0). The event that mongodb did not turn on permission authentication caused data to be stolen by hackers and asked for bitcoin redemption. Considering the reason of data security, I spent some time studying it. The version I use now is MongoDB3.4.2, which is verified on the Linux system, and I open it in a similar way on win8.

Like other databases, permissions are managed in much the same way.

But the difference is that mongodb users are associated with the database, the specific database, or need to have corresponding users, that is, even the super administrator can not operate other databases.

Mongodb stores all user information in the collection system.users of the admin database, saving user names, passwords, and database information.

Mongodb does not enable authorization authentication by default, as long as you can connect to the server, you can connect to mongod. To enable security authentication, you need to change the profile parameter, auth.

Here are the steps to turn on permission authentication.

I. create users in an unauthorized way

1. Log in without authorization (that is, without-- auth parameter) to create a system administrator user

2. Go to the installation bin directory of mongodb

3. Client login

4. Switch to admin database

5. Create users for admin database

6. View users

Use the db.system.users.find () command to view the user we just created

Finally, the mongodb process will be killed and started with authorization.

2. Start by authorization

1. Add-start authorization with auth parameter

2. Log in and switch to admin database

3. If you look at the database again, you will find that there is no permission.

At this point, use db.auth ('hehaitao','hehaitao') to enable auth authentication

You will see that the returned value is 1, which means that the startup is successful, and then we use the command to view the database

If you find it, you can use it to view.

Summary

The above is the whole content of this article, I hope that the content of this article has a certain reference and learning value for your study or work, if you have any questions, you can leave a message and exchange, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.