Securing your mongodb database

When setting up a Mongo database on a production environment, its considered a good practice to secure it. I have learned this in a hard way after my mongodb instance got hacked. So i’d encourage you to secure yours (in case you still haven’t) before it gets compromised.

Before you secure your existing database, you need to first secure the admin database that gets shipped with everyMongo database.

Login to your mongo shell and run the following command

The above command would create a new admin user (make sure you change the password in your case) with a root access and assign the user to the “admin” database.

Once this is done, you need to secure your own database. Run the following command…

The above command will create a new user “my_user” (don’t forget to change the password) with a “read” and “write”¬†access and assign that user to the “mydatabase” database.

Now, you need to specify the new username and password everytime you connect to your database.

Hope that helps!