w3resource

Secure MongoDB Access with Username and Password Authentication

How to Secure MongoDB with Username and Password?

Securing a MongoDB instance with a username and password is essential to protect data from unauthorized access. MongoDB provides built-in authentication, which you can enable to require users to log in with credentials. This is a key security measure, especially when exposing MongoDB instances over a network.

Description:

To secure MongoDB, you can enable authentication, create a database user with a username and password, and configure MongoDB to require these credentials for access. This setup protects the database from unauthorized access by enforcing user-based access control. Once enabled, MongoDB will restrict access to authenticated users, adding an important layer of security.

Steps

  • Enable Authentication in MongoDB
    Modify the MongoDB configuration file (mongod.conf) to enable authentication.
  • Create a Database User
    Add a user with specific roles and permissions.
  • Connect to MongoDB with Authentication
    Use the created username and password when connecting to MongoDB.

Syntax and Steps:

  • Enabling Authentication in mongod.conf
    To enable authentication, modify the MongoDB configuration file (mongod.conf):
    # Open mongod.conf and enable security with authorization
    security:
      authorization: "enabled"  # Enables access control
    

    After saving the changes, restart the MongoDB service for the configuration to take effect.
  • # Restart MongoDB to apply changes
    sudo systemctl restart mongod
    

  • Creating a MongoDB User
    Open the MongoDB shell and connect without authentication. Then, switch to the admin database to create a user with the necessary roles:
  • // Switch to the admin database
    use admin
    // Create a new user with username 'myUser' and password 'myPassword'
    db.createUser({
      user: "myUser",                   // Set the username
      pwd: "myPassword",                // Set the password
      roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] // Assign roles
    })
    
    • userAdminAnyDatabase: This role allows the user to manage other users across all databases.
  • Connecting to MongoDB with Username and Password
    Once authentication is enabled, connect to MongoDB using the created credentials:
  • # Connect to MongoDB with username and password
    mongo -u myUser -p myPassword --authenticationDatabase admin
    

Explanation:

  • Enable Authentication
    By setting authorization: "enabled" in mongod.conf, MongoDB requires users to log in with valid credentials, enforcing access control.
  • Create a User
    In the admin database, db.createUser is used to create a user with a specified role. The userAdminAnyDatabase role grants the user permission to manage other users and databases.
  • Connect with Credentials
    Use -u and -p to specify the username and password when connecting to MongoDB. This ensures only authenticated users can access or modify data.

These steps establish secure access to MongoDB and help prevent unauthorized users from connecting to the database.



Become a Patron!

Follow us on Facebook and Twitter for latest update.

It will be nice if you may share this link in any developer community or anywhere else, from where other developers may find this content. Thanks.

https://www.w3resource.com/mongodb/snippets/how-to-secure-mongodb-with-username-and-password.php