Security best practices for MongoDB

  • MongoDB doesn’t have access control enabled by default on a self-managed deployment. You must enable it (security.authorization: enabled in mongod.conf, or start mongod with --auth), create an administrative user first, and then configure role-based access control (RBAC) so every application user gets only the roles its workload needs.
  • Configure Transport Layer Security (net.tls.mode: requireTLS, with a server certificate and a CA file so clients can verify the server) to encrypt all traffic to and from the database.
  • Use encryption at rest to protect the contents of the DB in the event that someone is able to copy the database files (in a backup, for instance) or the server image. MongoDB’s native encrypted storage engine (security.enableEncryption) is an Enterprise feature; on Community edition use filesystem or volume-level encryption instead.
  • Restrict network exposure: bind mongod only to the interfaces that need it (net.bindIp; the default since MongoDB 3.6 is localhost only), never expose port 27017 to the Internet, and firewall it so that only the application hosts can reach it.
  • Use the official MongoDB package repositories. Verify that the packages are official MongoDB packages by checking their signatures against MongoDB’s published PGP key before installing.
  • Disable server-side JavaScript execution where possible (security.javascriptEnabled: false). The operators that run JavaScript - $where, $function and $accumulator, plus the mapReduce command - are dangerous whenever any part of their input comes from a client, because user-supplied text becomes code. Note that the group command was removed in MongoDB 4.2 and mapReduce has been deprecated since 5.0; express such queries with the aggregation framework instead.
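The following Python script is an added example, not code from the page or from MongoDB. It audits a mongod.conf against the settings in the list above and shows how to keep untrusted query documents away from the JavaScript-executing operators. The option names are the real mongod.conf keys; the two configuration texts, the 10.0.0.5 bind address and the certificate paths are constructed for this example, and the parser only handles the simple nested key: value subset of YAML that mongod.conf uses.

```python
"""Added example: audit a mongod.conf for the hardening settings listed above
and reject query documents that would execute server-side JavaScript.
Option names are real mongod.conf keys; the sample configs are constructed."""

# Constructed sample: a mongod.conf left close to its defaults, but bound to
# every interface (a common mistake when "fixing" connectivity problems).
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: the same file hardened along the lines of the list above.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5          # loopback plus the app-subnet address only
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
    CAFile: /etc/ssl/ca.pem
security:
  authorization: enabled              # RBAC on; add users with db.createUser()
  javascriptEnabled: false            # blocks $where, $function, $accumulator, mapReduce
  enableEncryption: true              # Enterprise-only encrypted storage engine
  encryptionKeyFile: /etc/mongodb/keyfile
"""


def parse_conf(text):
    """Parse the indentation-based YAML subset mongod.conf uses: nested mappings
    of scalars, 2-space indent, '#' comments. Values stay strings ("false").
    This is deliberately not a full YAML parser."""
    root, stack = {}, []
    stack.append((-1, root))
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:         # climb back out of deeper mappings
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:                                 # "key:" opens a nested mapping
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root


def _get(conf, dotted):
    """Look up a dotted path such as 'net.tls.mode'; None if absent."""
    node = conf
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def audit_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_conf(text)
    findings = []
    if _get(conf, "security.authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': no access control")
    if _get(conf, "security.javascriptEnabled") != "false":
        findings.append("security.javascriptEnabled is not false: server-side JS allowed")
    if _get(conf, "net.tls.mode") != "requireTLS":
        findings.append("net.tls.mode is not requireTLS: plaintext connections accepted")
    bind = _get(conf, "net.bindIp") or "127.0.0.1"   # mongod's default is localhost only
    if "0.0.0.0" in bind or "::" in bind.split(",") or _get(conf, "net.bindIpAll") == "true":
        findings.append(f"net.bindIp={bind}: listening on all interfaces")
    if _get(conf, "security.enableEncryption") != "true":
        findings.append("no encryption at rest: set enableEncryption (Enterprise) or encrypt the volume")
    return findings


# Operators that execute JavaScript on the server; mapReduce is a command, not a
# query operator, so it is handled at the command layer rather than here.
JS_OPERATORS = {"$where", "$function", "$accumulator"}


def uses_js(doc):
    """True if a filter or pipeline built from client input contains an operator
    that runs server-side JavaScript (recursive over dicts and lists)."""
    if isinstance(doc, dict):
        return any(k in JS_OPERATORS or uses_js(v) for k, v in doc.items())
    if isinstance(doc, list):
        return any(uses_js(item) for item in doc)
    return False


def vulnerable_filter(username):
    """Vulnerable: untrusted text is spliced into JavaScript source."""
    return {"$where": f"this.username == '{username}'"}


def safe_filter(username):
    """Hardened: the same query expressed with a plain equality match, so the
    value is data the server never evaluates as code."""
    return {"username": username}


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_conf(conf) or "OK")
    print("uses JS:", uses_js(vulnerable_filter("bob")), uses_js(safe_filter("bob")))
```

Run the audit against the real /etc/mongod.conf after a deployment change; any finding it prints corresponds to one bullet in the list above. The `uses_js` check belongs at the boundary where a service turns request parameters into query documents, and it is a defence in depth, not a replacement for `javascriptEnabled: false` on the server.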

