Mongo DB Security Configuration

Goutam Singha
Sep 7, 2018 · 2 min read

Security gives you a feeling that you are in a safe zone. So, while deploying server and use MongoDB as local DB in the server, sometimes we don’t do the security setup and connect the DB without credentials. It’s a bad practice, we should consider the DB security as it played a major role in our server, web and mobiles apps. I don’t go to the deeper as you all know the list of security concerns of the server. While I set up the MongoDB security, I faced some problem to configure it. So, the following simple steps are given below from my experience to set up the configuration as you don’t do the same mistake and waste your valuable developer time.

Step 1: Create User and Set Roles with ReadWrite Access to DB

$ mongo

> show dbs

> use <db_name> // Switch to Particular DB

> db.createUser( { user: “username”, pwd: “password”, roles: [ { role: “superAdmin”, db: <db_name> }, “readWrite”]} ) // Take Reference

Step 2: Configure mongod.conf and Enable Authentication

$ sudo vi /etc/mongod.conf

  • Add the following code snippet at the #security
  • From #security: to

security:

authorization: enabled

Enable Authentication
  • Save and Exit

Step 3: Restart Mongod

$ sudo service mongod restart

Step 4: Connect the Database with username and password in Mongoose

uri — mongodb://username:password@localhost/db_name

Note: Don’t Jump Any Steps. If you don’t need security, then comment out the security in mongod.conf like

#security:

# authorization: enabled

Goutam Singha

Written by

NodeJS and ReactJS Developer

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade