
Add authentication for MongoDB

2025-04-02 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

MongoDB does not enable authentication by default. Unless the instance is closed to public network access, this mode is extremely insecure. The steps to add authentication are recorded as follows:

While you create the first user, the following settings in mongod.conf need to be turned off (commented out):

    # security:
    #   ## Authentication file used for communication between replica sets
    #   keyFile: /home/soft/mongodb-linux-x86_64-rhel62-3.4.2-shard2/mongo-key
    #   clusterAuthMode: "keyFile"
    #   ## enabling authentication
    #   authorization: "enabled"

This is because you need to run "use admin" to create the user, and if authorization is already enabled you do not have a password yet, so that will not work.

1: before enabling authentication, run mongo and create an administrator user, otherwise you cannot log in once authentication is enabled

    use admin
    db.createUser({user: "root", pwd: "abc123", roles: [{role: "root", db: "admin"}]})

For a list of available permissions, see: https://docs.mongodb.org/manual/reference/built-in-roles/

2: generate the keyfile (used for authentication between cluster members) and copy it to each machine

Generate the authentication key file

    openssl rand -base64 741 > mongo-key
    chmod 600 mongo-key   # this must be 600

3: stop the mongod process

    ./mongod -f mongod.conf --shutdown

4: add the following configuration to the mongod.conf file:

Add mongodb user

    security:
      ## Authentication file used for communication between replica sets
      keyFile: /home/soft/mongodb-3.2.1/mongo-key
      clusterAuthMode: "keyFile"
      ## enable authentication
      authorization: "enabled"

5: start mongod

6: start mongo

7: add users for other purposes now, but you must authenticate first

Authenticate and add users

    use admin;
    db.auth("root", "abc123");

Before creating a user, you must first switch to the database where you want to create the user, otherwise it will be created in the current database.

    use datacenter_qc;
    db.createUser({
      user: "candao_sys",
      pwd: "candao2016",
      roles: [{role: "dbOwner", db: "datacenter_qc"}]
    });
    db.createUser({ // create a read-only user
      user: "candao_user",
      pwd: "candao_2016",
      roles: [{role: "read", db: "datacenter_qc"}]
    });

Note the db here: for the QC environment it is datacenter_qc, and for the production environment it is datacenter_release.

8: now you need to specify a user and password when connecting to the database in the code

Before modification:

    mongodb://192.168.86.73:27017/datacenter_qc?replicaSet=candao_qc

After modification:

    mongodb://candao_sys:candao2016@192.168.86.73:27017/datacenter_qc?replicaSet=candao_qc&authSource=datacenter_qc
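A check to run before step 5, added here as an example and not part of the original article: it confirms that the mongod.conf from step 4 has authorization enabled and that the keyfile from step 2 meets MongoDB's keyfile requirements (no group/other permissions, 6 to 1024 base64 characters). The function name check_mongo_auth and the sample files are assumptions made for illustration, and the config is scanned line by line rather than parsed as YAML.

```shell
#!/bin/sh
# Added example (not from the original article): check the keyfile from step 2
# and the mongod.conf from step 4 before restarting mongod.
# check_mongo_auth is a hypothetical helper; it scans lines, it is not a YAML parser.
check_mongo_auth() {
    conf=$1
    rc=0
    # authorization must be set to enabled on a line that is not commented out
    if ! grep -Eq '^[[:space:]]*authorization:[[:space:]]*"?enabled"?[[:space:]]*$' "$conf"; then
        echo "FAIL: authorization is not enabled in $conf"; rc=1
    fi
    # take the path from the first uncommented keyFile line
    key=$(sed -n 's/^[[:space:]]*keyFile:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$conf" | head -n 1)
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: keyFile not set or not found: ${key:-unset}"
        return 1
    fi
    # the chmod 600 step: no permission bits for group or others
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others ($perms)"; rc=1
    fi
    # content: 6 to 1024 base64 characters once whitespace is dropped
    body=$(tr -d '[:space:]' < "$key")
    if [ "${#body}" -lt 6 ] || [ "${#body}" -gt 1024 ]; then
        echo "FAIL: key length ${#body} is outside 6..1024"; rc=1
    fi
    case $body in
        *[!A-Za-z0-9+/=]*) echo "FAIL: non-base64 character in $key"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $conf and $key are ready"
    return "$rc"
}

# Constructed sample input: a throwaway key and config in a temp directory.
demo=$(mktemp -d)
printf 'Y29uc3RydWN0ZWRzYW1wbGVrZXk=\n' > "$demo/mongo-key"
chmod 600 "$demo/mongo-key"
printf 'security:\n  keyFile: %s\n  authorization: "enabled"\n' "$demo/mongo-key" > "$demo/mongod.conf"
check_mongo_auth "$demo/mongod.conf"
```

On a real host, call check_mongo_auth with the path to the mongod.conf on each cluster member after copying the keyfile there.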
