background
The permission verification mechanism (user) is not added during MongoDB initialization. As a result, the database is vulnerable to attack and deletion, for example, 😭
The solution
Change the default port number of MongoDB.
Modify the mongod. Conf port number configuration
Two: Add users to the MongoDB database
- Enable database security options
Change the mongod. Conf configuration:
security:
authorization: enabled
Copy the code
-
Add users to the database
- Switch to the database you want to operate on
- Db. CreateUser ({user: “username”, PWD: “password”, roles: [role]}) for roles such as readWrite and dbOwner, see the official website
- The auth (” username “, “PWD”)
- Restarting the mongodb service
-
The mongodb connection of the server needs to be changed accordingly. Take Node. js as an example to use MongoClient to connect to mongodb
let MongoClient = require('mongodb').MongoClient; / / own link address let url = 'mongo: / / 127.0.0.1:27017 /? gssapiServiceName=mongodb'; MongoClient.connect( url, { authSource: 'sword', auth: { user: 'username', password: '*******', }, }, callback );Copy the code
Node.js MongoDB Driver API