Remotely dumping mongodb collection

Question

So I wanted to dump the mongoDB collection running on another server. The following were the steps taken:
1. create an username and password in admin

 $ db.createUser(
     {
       user: "username1",
       pwd: "password1",
       roles: [
               { role: "userAdminAnyDatabase", db: "admin" },
               { role: "readWriteAnyDatabase", db: "admin" },
               { role: "dbAdminAnyDatabase", db: "admin" },
               { role: "clusterAdmin", db: "admin" }
            ]
     }
   )

2. Then added the private ip (xxxx) of the database server in the mongod.conf (/etc/mongod.conf) bindIp field

bindIp: 127.0.0.1,x.x.x.x

3. Then ran mongodump as follows:

$ mongodump --host x.x.x.x:27017 -d database_name -c collection_name --out path_to_mongoDump -u username1 -p password1 --authenticationDatabase admin

The above dumped the collection to the app server at the specified location without any problems.

Is the above approach secure ? Or is there a better way to do the above?

Thanks.

Reference links:
1. What does the --bindip configuration option in mongodb does?
2. How to connect to MongoDB EC2 instance
3. How to secure MongoDB with username and password
4. Mongodump from remote server

Answer 1

You should use the options --ssl , so that the complete communication is encrypted. If you leave out that option, it is possible for an attacker to listen to your communication and extract the data from your database.

When you use this options you should be safe and no other steps need to be taken.