Boosting security
After the recent waves of ransomware that locked down unsecured MongoDB servers and demanded ransom payments in cryptocurrency from administrators to unlock them, many developers have become more security-conscious. Security is one of the items on a checklist that we, as developers, may not prioritize highly enough, due to the optimistic belief that it won't happen to us. The truth is that, in the modern internet landscape, anyone can be the target of automated or directed attacks, so security should always be taken into account, from the early stages of design through to after production deployment.
Enabling security by default
Every database (other than local development servers, perhaps) should be set up with the following in the mongod.conf file:
security:
  authorization: enabled
Note
Secure Sockets Layer (SSL) should always be enabled, as we described in the relevant chapter: Chapter...
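An added example (not from the original text): a small Python audit that checks a mongod.conf for the authorization setting shown above and for a transport mode that requires TLS/SSL (the real `net.tls.mode` / `net.ssl.mode` options). The sample configs are constructed, the certificate path is a placeholder, and the parser is an assumption that handles only the nested key/value subset of YAML.

```python
import re

# Constructed sample configs; the certificate path is a placeholder.
HARDENED = """\
net:
  tls:
    mode: requireTLS
    certificateKeyFile: /path/to/mongodb.pem
security:
  authorization: enabled
"""
OPEN = "net:\n  port: 27017\n"
# Indentation lost: 'authorization' is no longer a child of 'security'.
MISINDENTED = "security:\nauthorization: enabled\nnet:\n  tls:\n    mode: requireTLS\n"

def flatten_conf(text):
    """Flatten nested 'key: value' mappings into dotted keys (lists are ignored)."""
    flat, stack = {}, []  # stack holds (indent, key) for each open parent section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        m = re.match(r"^( *)([A-Za-z0-9_]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("\"' ")
        while stack and stack[-1][0] >= indent:  # close sections we have left
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if value:
            flat[path] = value
        else:
            stack.append((indent, key))
    return flat

def audit(text):
    """Return a list of findings; an empty list means both checks passed."""
    conf = flatten_conf(text)
    findings = []
    if conf.get("security.authorization") != "enabled":
        findings.append("security.authorization is not 'enabled'")
    mode = conf.get("net.tls.mode") or conf.get("net.ssl.mode")
    if mode not in ("requireTLS", "requireSSL"):
        findings.append("net.tls.mode / net.ssl.mode does not require encryption")
    return findings

if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED), ("open", OPEN), ("misindented", MISINDENTED)):
        print(name, audit(conf) or "OK")
```

The misindented sample is flagged because a top-level `authorization` key is not the same setting as `security.authorization`.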