Percona Live 2016: MongoDB SecurityDave Avery
It’s almost time for the closing remarks and passport prize give away at Percona Live 2016, but still the talks keep coming. I was able to quickly pop into a lecture on MongoDB Security with Stephane Combaudon, MySQL Consultant at Slice Technologies.
Stephane went over some of the reported security issues with MongoDB and explained that MongoDB has good security features. Data security is a concern for most people, and recent reports in the news show that significant amounts of user details stored in MongoDB are easily accessible. This doesn’t mean that MongoDB can’t secure your data. As Stephane explained, MongoDB can be correctly secured – but some features are not enabled by default. In this session, we learned the main items that need to be checked to get a robust MongoDB deployment. Those items include:
- Network security: Stopping people from connecting to your MongoDB instances
- Operating system security: stopping people from connecting to MongoDB and taking control of your servers
- User security: how to make sure that users can only interact with specific portions of the data
I had a chance to quickly speak with Stephane after his talk: