How to Use SCRAM-SHA1 as Authentication Method in MongoDB

Learn how to improve your server security by using the new SCRAM-SHA1 authentication mechanism instead of the old MONGODB-CR

Stampery Inc.
Mongoaudit — the mongoaudit guides
2 min read · Jan 31, 2017


(Scram image licensed through Creative Commons via Michael Pereckas)

SCRAM-SHA-1 is the default authentication mechanism in MongoDB 3.0 and later. SCRAM-SHA-1 is an IETF standard (RFC 5802), and it verifies the user’s name, password and authentication database.

SCRAM-SHA-1 is more secure than the previously used MONGODB-CR, given that it provides a tunable work factor (the iteration count), per-user random salts, a stronger hash (SHA-1 rather than MD5), and mutual client/server authentication: the client proves it knows the password without sending it, and the server proves it holds the stored credential.

How to use SCRAM-SHA-1 on MongoDB 3.x

SCRAM-SHA-1 is enabled by default in MongoDB versions beginning with the 3.0 series. There’s nothing special you need to do in order to use it, apart from enabling authentication.

How to use SCRAM-SHA-1 on older MongoDB versions (2.x)

The MongoDB 2.x series did not support SCRAM-SHA-1 and there’s no way to make it work. For this and many other reasons (among them some alarming security issues), please consider upgrading your MongoDB server to the latest stable version.

Bear in mind that all MONGODB-CR credentials will be disabled after the upgrade.

Please note that whatever authentication method is used, queries and returned data travel in clear text over the network unless you have successfully enabled TLS encryption.
