These methods can be really convenient, but they pose a huge security risk to your database integrity if your application does not sanitize and escape user-provided values properly, as proven by many reports of NoSQL injection attacks.
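One way an application can validate user-provided values before they reach a MongoDB query, as an added example that is not code from the original page. The function names, field names and sample request bodies are constructed for illustration.

```javascript
'use strict';

// Return the path of every key MongoDB would read as an operator ("$ne",
// "$where", ...) or as a dotted path, anywhere inside a parsed JSON value.
function findOperatorKeys(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith('$') || key.includes('.')) hits.push(here);
    hits.push(...findOperatorKeys(child, here));
  }
  return hits;
}

// Build a lookup filter from an untrusted request body. Every field must be
// a plain string, so an object such as {"$ne": null} is rejected instead of
// being passed to the driver, where it would act as a query operator.
function buildUserFilter(body) {
  const filter = {};
  for (const field of ['tenant', 'username']) {
    const v = body == null ? undefined : body[field];
    if (typeof v !== 'string' || v.length === 0 || v.length > 256) {
      throw new TypeError(`${field}: expected a non-empty string`);
    }
    filter[field] = v;
  }
  return filter;
}

// Constructed sample inputs, as a JSON body parser would deliver them.
const benign = JSON.parse('{"tenant":"acme","username":"alice"}');
const injected = JSON.parse('{"tenant":"acme","username":{"$ne":null}}');

function demo() {
  const out = { benign: buildUserFilter(benign), flagged: findOperatorKeys(injected) };
  try {
    buildUserFilter(injected);
    out.injectedRejected = false;
  } catch (err) {
    out.injectedRejected = err instanceof TypeError;
  }
  return out;
}

console.log(JSON.stringify(demo()));
```

The type check is the control; `findOperatorKeys` is useful for logging which part of a rejected body carried the operator.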
Open /etc/mongod.conf with your favorite code editor and look for the security section:
(If you can’t find mongod.conf or it is named mongodb.conf instead, it means that you are using a really old and broken version of MongoDB. Please read this guide on how to upgrade to a more recent version.)
Make sure to add the following line inside the
Now save the file and restart
$ sudo service mongodb restart
Done! Your deployment is now resistant to NoSQL injections!