默认的MongoDB连接安全性
[英]Default MongoDB connection safety
问题描述
I am wondering if the vanilla installation of MongoDB on Ubuntu can be accessed by the outside world? 
我想知道外界是否可以访问Ubuntu上的MongoDB原始安装? I have sensitive information thats being written to the database via Node.js (all running on the same box) and want to make sure it is safe. 我有一些敏感信息,这些信息是通过Node.js(都在同一个盒子上运行)写入数据库的,并希望确保它是安全的。
2 个解决方案
解决方案1
0 2013-12-08 21:45:48
I would recommend using UFW - Uncomplicated Firewall 我建议使用UFW-不复杂的防火墙
Install UFW and enable, enter: 安装UFW并启用,输入:
sudo apt-get install ufw
Check the status: 检查状态:
sudo ufw status verbose
Allow MongoDB and HTTP services (assuming default Mongo port): 允许MongoDB和HTTP服务(假设默认的Mongo端口):
sudo ufw allow 27017
sudo ufw allow 80
Enable the firewall: 启用防火墙:
sudo ufw enable
解决方案2
0 2013-12-08 23:04:59
If you do not need connections from another instance, set the following in the configuration (which is probably the default anyway): 如果不需要来自其他实例的连接,请在配置中设置以下内容(无论如何可能是默认设置):
bind_ip = 127.0.0.1
If you need access (for example to connect to the database from your own machine for debugging,...) you can either use an SSH tunnel or set up a firewall rule (if you have a static IP; you'll obviously need to disable bind_ip ). 如果您需要访问权限(例如从您自己的计算机连接到数据库以进行调试,...),则可以使用SSH隧道或设置防火墙规则(如果您具有静态IP;显然,您需要禁用bind_ip )。
Firewalling is a good idea in general, but if your service does not need remote connections, simply disable them. 防火墙通常是一个好主意,但是如果您的服务不需要远程连接,只需禁用它们即可。 And probably use a firewall with default deny. 并且可能使用默认拒绝的防火墙。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.