CODEWITHSUNDEEP
mongodbmongoose
Jellow
Jellow

Reputation: 101

MongoDB authorization issues

I just learned to use mongoDB, and after deploying it on the server, I created a user. When I use mongoose to connect, I can connect without even entering the account password!

connectionStr:`mongodb://xxxx:27017/test`

But when I use MongoDB Compass to connect, if I don't enter the account password, I can't connect. I want to know why this is the case. Because I have turned on Security, I think it is impossible to connect using mongoose without entering the password.

enter image description here

Upvotes: 0

Views: 794

Answers (1)

Wernfried Domscheit
Wernfried Domscheit

Reputation: 59476

Yes, you can always connect to MongoDB without password.

However, without authentication you cannot execute any command (apart from db.getMongo()):

C:\>mongo localhost
MongoDB shell version v4.4.0
connecting to: mongodb://127.0.0.1:27017/localhost?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("f44422c7-f462-405a-8432-594d75ff451a") }
MongoDB server version: 4.4.0
ANONYMOUS@localhost> db.getMongo()
connection to 127.0.0.1:27017
ANONYMOUS@localhost> db.stats()
{
        "ok" : 0,
        "errmsg" : "command dbStats requires authentication",
        "code" : 13,
        "codeName" : "Unauthorized"
}
ANONYMOUS@localhost> exit
bye

There is another special point in MongoDB. When you enable security and start the service then you can still connect to database without username/password - unless you created an initial admin user.

This function is called Localhost Exception

Another note, when you connect to Mongo then you should specify the authentication database, see Authentication failure while trying to save to mongodb

Upvotes: 1

Related Questions