Shulou(Shulou.com)06/01 Report--

MongoDB does not have account opening authentication by default. Unless public network access is not open, this mode is extremely insecure. The steps to add authentication are recorded as follows:

When you configure to create a user, you need to turn off:

# security:

# # Authentication files used for communication between replica sets

# keyFile: / home/soft/mongodb-linux-x86_64-rhel62-3.4.2-shard2/mongo-key

# clusterAuthMode: "keyFile"

# # enabling authentication

# authorization: "enabled"

Because you want to use use admin, if you open the authorization, you do not have a password. So... no, no, no.

1: before adding authentication, run mongo to create an administrator user, otherwise you cannot log in after account opening verification

Use admindb.createUser ({user: "root", pwd: "abc123", roles: [{role: "root", db: "admin"}]})

For a list of available permissions, see: https://docs.mongodb.org/manual/reference/built-in-roles/

2: export keyfile (for authentication between clusters) and copy it to each machine

Export Authentication key Fil

Openssl rand-base64 741 > mongo-keychmod 600 mongo-key # this must be 600

3: stop the mongod thread. / mongod-f mongod.conf-- shutdown

4: add the following configuration to the mongod.conf file:

Add mongodb user

Security: # # Authentication file used for communication between replica sets keyFile: / home/soft/mongodb-3.2.1/mongo-key clusterAuthMode: "keyFile" # # enable authentication authorization: "enabled"

5: start mongod

6: start mongo

7: add users for other purposes now, but you must authenticate first

Authenticate and add users

Use admin;db.auth ("root", "abc123"); before creating a user, you must first switch to the database where you want to create the user, otherwise it will be created into the current library

Use datacenter_qc;db.createUser (user: "candao_sys", pwd: "candao2016", roles: [{role: "dbOwner", db: "datacenter_qc"}]}); db.createUser ({/ / create a read-only user user: "candao_user", pwd: "candao_2016", roles: [{role: "read", db: "datacenter_qc"}]}) It should be noted here that the db,qc environment is datacenter_qc and the formal environment is datacenter_release.

8: now you need to specify a user and password when connecting to the database in the code

Before modification: mongodb://192.168.86.73:27017/datacenter_qc?replicaSet=candao_qc after modification: mongodb://candao_sys:candao2016@192.168.86.73:27017/datacenter_qc?replicaSet=candao_qc&authSource=datacenter_qc

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.