Reputation: 4560
My confidence in MongoDB security is shaken, and I'm hoping it will be restored with an explanation that I'm doing something wrong...
I've created MongoDB's Windows Service like this:
mongod --logpath "C:\mongoDB\logs" --logappend --dbpath "C:\mongoDB\data\db" --serviceName MongoDB --serviceDisplayName "Mongo DB" --port 27017 --auth --install
I've then created a DB and added the administration user to that DB's system.users collection.
Then I filled that DB with some random information to a test collection I've created.
Up until now, everything is great and I am able to access the DB only if I have the administrator credentials...
Now the important part...
I removed the service like this:
mongod --remove --serviceName "MongoDB"
Then I recreated the service but with no authentication like this:
mongod --logpath "C:\mongoDB\logs" --logappend --dbpath "C:\mongoDB\data\db" --serviceName MongoDB --serviceDisplayName "Mongo DB" --port 27017 --noauth --install
What amazes me is that I am now able to access the DB I've created with no authentication...
Please tell me I should have done something differently.
Upvotes: 1
Views: 578
Reputation: 4560
Well...
Since if we edit the database files with a text editor, we can see the stored information, you are right, the information isn't encrypted.
Following this order of ideas, in my opinion it is redundant to specify the user and password when executing mongodump or mongorestore commands on a secured database. Let's face it, if a badly intentioned administrator were interested in exporting the data, he could do it by editing the database files themselves, with much more work of course :P
I know authentication is at a DB level, not the instance itself (through admin database), but in my opinion it is once more very easy for a badly intentioned user to get the DB information, since he doesn't need to specify authentication to remove the Windows Service...
Thank you for your opinions!
Upvotes: 0
Reputation: 62648
Authentication happens at the daemon level, not at the database level. The data itself is not encrypted or otherwise access-controlled. If you run the service without requiring credentials, then, as expected, no credentials are required to connect and use it.
This is generally not considered to be problematic, as if you have access to the server and can modify the daemon, you by definition have access to the datafiles anyway.
Upvotes: 5
Reputation: 24316
No auth means you don't have to provide credentials:
noauth
Default: true. Disable authentication. Currently the default. Exists for future compatibility and clarity. For consistency use the auth option.
The configuration mistake you made was that you disabled any authentication measure in your database.
Upvotes: 1
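The two answers above come down to two things an administrator can check: whether the installed service actually passes --auth, and who can reach the data directory on disk. The PowerShell below is an added example, not code from any of the posters or from MongoDB. The function name Get-MongodAuthState is hypothetical, and it assumes the options are on the service command line (a --config file is not parsed) and that the service is named MongoDB as in the question.

```powershell
# Added example: audit how a mongod Windows service was installed.
function Get-MongodAuthState {
    param([Parameter(Mandatory)][string]$CommandLine)

    # Per the documentation quoted above, noauth is the default, so
    # authentication is enforced only when --auth is explicitly present.
    $hasAuth   = $CommandLine -match '(?<![\w-])--auth(?![\w-])'
    $hasNoAuth = $CommandLine -match '(?<![\w-])--noauth(?![\w-])'

    # Pull out the data directory, quoted or unquoted.
    $dbPath = $null
    if ($CommandLine -match '--dbpath\s+("([^"]+)"|(\S+))') {
        $dbPath = if ($Matches[2]) { $Matches[2] } else { $Matches[3] }
    }

    [pscustomobject]@{
        AuthEnforced = ($hasAuth -and -not $hasNoAuth)
        DbPath       = $dbPath
    }
}

# The two install commands from the question, used as sample input.
$samples = @(
    'mongod --logpath "C:\mongoDB\logs" --logappend --dbpath "C:\mongoDB\data\db" --serviceName MongoDB --serviceDisplayName "Mongo DB" --port 27017 --auth --install',
    'mongod --logpath "C:\mongoDB\logs" --logappend --dbpath "C:\mongoDB\data\db" --serviceName MongoDB --serviceDisplayName "Mongo DB" --port 27017 --noauth --install'
)
foreach ($s in $samples) { Get-MongodAuthState -CommandLine $s }

# Live check: the installed service, and every account allowed on its data
# directory. Those accounts can read the unencrypted files without mongod.
$svc = Get-CimInstance Win32_Service -Filter "Name='MongoDB'" -ErrorAction SilentlyContinue
if ($svc) {
    $state = Get-MongodAuthState -CommandLine $svc.PathName
    $state
    if ($state.DbPath -and (Test-Path $state.DbPath)) {
        (Get-Acl $state.DbPath).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' } |
            Select-Object IdentityReference, FileSystemRights, IsInherited
    }
}
```

The first sample reports AuthEnforced as True and the second as False; the ACL listing shows which Windows accounts have file-level access to the data regardless of what mongod enforces.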