1
votes

My confidence in MongoDB security is shaken, and I'm hoping it will be restored with an explanation that I'm doing something wrong...

I've created MongoDB's Windows Service like this:

mongod --logpath "C:\mongoDB\logs" --logappend --dbpath "C:\mongoDB\data\db" --serviceName MongoDB --serviceDisplayName "Mongo DB" --port 27017 --auth --install

I've then created a DB and added the administration user to that DB's system.users collection.

Then I filled that DB with some random information to a test collection I've created.

Up until now, everything is great and I am able to access the DB only if I have the administrator credentials...

Now the important part...

I removed the service like this:

mongod --remove --serviceName "MongoDB"

Then I recreated the service but with no authentication like this:

mongod --logpath "C:\mongoDB\logs" --logappend --dbpath "C:\mongoDB\data\db" --serviceName MongoDB --serviceDisplayName "Mongo DB" --port 27017 --noauth --install

What amazes me is that I am now able to access the DB I've created with no authentication...

Please tell me I should have done something differently.

3
You turned off authentication and are concerned you can access the data without authentication? The authentication controls who can access it; it shouldn't encrypt the data. It's doing what you told it to do. - Andrew T Finnell
As noted in other comments, authentication controls access through the mongod service but does not encrypt or change the data on disk. This is consistent with other software... for example, setting a password in Windows does not encrypt your data either. There are solutions for encryption of sensitive data; see Securing Data in MongoDB with Gazzang. - Stennie

3 Answers

5
votes

Authentication happens at the daemon level, not at the database level. The data itself is not encrypted or otherwise access-controlled. If you run the service without requiring credentials, then, as expected, no credentials are required to connect and use it.

This is generally not considered to be problematic, as if you have access to the server and can modify the daemon, you by definition have access to the datafiles anyway.

1
votes

No auth means you don't have to provide credentials:

noauth

Default: true

Disable authentication. Currently the default. Exists for future compatibility and clarity.

For consistency use the auth option.

source

The configuration mistake you made was that you disabled any authentication measure in your database.
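
An added example (not part of the original answers, and not MongoDB's own tooling): because authentication is a startup option of the mongod service rather than a property of the data files, a defender can audit the flags the service is registered with. It assumes the service name `MongoDB` from the question, that the flags appear in the service's command line (`PathName`), and a constructed install path `C:\mongoDB\bin`; `Get-MongodAuthState` is a hypothetical helper name.

```powershell
# Added example: classify a mongod service command line by its auth flags.
function Get-MongodAuthState {
    param([Parameter(Mandatory)][string]$CommandLine)

    # Tokenize on whitespace, keeping double-quoted paths as one token.
    $tokens = @([regex]::Matches($CommandLine, '"[^"]*"|\S+') |
                ForEach-Object { $_.Value })

    $hasAuth   = $tokens -contains '--auth'
    $hasNoAuth = $tokens -contains '--noauth'
    # Settings may also live in a config file, which this check cannot see.
    $hasConfig = [bool]($tokens | Where-Object {
        ($_ -in @('--config', '-f')) -or ($_ -like '--config=*')
    })

    if ($hasAuth -and $hasNoAuth) { return 'Conflicting' }
    if ($hasAuth)                 { return 'AuthRequired' }
    if ($hasNoAuth)               { return 'NoAuth' }
    if ($hasConfig)               { return 'CheckConfigFile' }
    # Per the documentation quoted above, noauth is the default.
    return 'NoAuthByDefault'
}

# Constructed sample command lines modelled on the commands in the question.
$base = 'C:\mongoDB\bin\mongod.exe --logpath "C:\mongoDB\logs" ' +
        '--dbpath "C:\mongoDB\data\db" --port 27017'
$samples = @(
    "$base --auth --service",
    "$base --noauth --service",
    "$base --service",
    'C:\mongoDB\bin\mongod.exe --config "C:\mongoDB\mongod.cfg" --service'
)
foreach ($s in $samples) {
    [pscustomobject]@{ State = Get-MongodAuthState $s; CommandLine = $s }
}

# Live check: read the command line the service is actually registered with.
$svc = Get-CimInstance Win32_Service -Filter "Name='MongoDB'" `
           -ErrorAction SilentlyContinue
if ($svc) {
    $state = Get-MongodAuthState $svc.PathName
    if ($state -ne 'AuthRequired') {
        Write-Warning "MongoDB service auth state: $state ($($svc.PathName))"
    }
}
```

Run on a schedule, any result other than `AuthRequired` flags the kind of service re-registration described in the question.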

0
votes

Well...

Since if we edit the database files with a text editor, we can see the stored information, you are right, the information isn't encrypted.

Following this order of ideas, in my opinion it is redundant to specify the user and password when executing mongodump or mongorestore commands on a secured database. Let's face it, if a badly intentioned administrator were interested in exporting the data, he could do it by editing the database files themselves, with much more work of course :P

I know authentication is at a DB level, not the instance itself (through admin database), but in my opinion it is once more very easy for a badly intentioned user to get the DB information, since he doesn't need to specify authentication to remove the Windows Service...

Thank you for your opinions!