Eve: Building RESTful APIs with MongoDB and Flask Transcripts
Chapter: Appendix: Deploying MongoDB
Lecture: The MongoDB deployment checklist
0:00 Let's go through the MongoDB security checklist. Now, most of these come from MongoDB,
0:06 but also from me personally, from my experience running the server. I've run professional commercial websites
0:13 using MongoDB for many years, 5 or 6 years, and we've never had any problems, but you have to follow the rules.
0:18 Some of the rules include things like: limit network exposure. This is always a good idea for databases,
0:24 or anything else that listens on the internet: if something doesn't need to talk to it, don't allow it to have an open connection.
0:31 Enable access control. That means add users and require them to authenticate. This should really be the default; if I were king of MongoDB,
0:42 and I'm not, but if I were king of MongoDB, I would make a decree, a new rule that says
0:47 MongoDB is not allowed to listen on anything other than localhost unless it has access control enabled, period.
0:55 That's not the way it works right now though; by default you can just say listen on 0.0.0.0
1:00 and it will, even if that's wide open, so that can be problematic, so we're going to change that.
1:08 Encrypt the communication: certainly what goes on the wire should be SSL-style encrypted, but there is also an option to encrypt the data at rest.
1:16 I think you have to get the Enterprise version of MongoDB, which is the paid version. This is not something I worry too much about,
1:23 but if it's something that you worry about, you can encrypt the data at rest using the WiredTiger engine.
1:28 You can audit system activity; this is easy enough: turn on what's called a capped collection and turn on auditing, so it will keep some standard amount.
1:40 Obviously, set up logging, all those types of things. Back up: obviously you want to back up your data,
1:47 this is production data, so back up, back up, back up, back up. Set up some way to back up, and we'll see that there are two options:
1:53 we can run a tool called mongodump, which will just take a complete backup, and for a certain size of data that could be pretty large actually,
2:01 but for a certain size that works fine. At some point, if you truly are working with tremendous amounts of data, that doesn't work so well,
2:08 so there are various ways to set up replicas that are delayed or right on time, things like this,
2:14 but back up, back up, back up, an important thing to do. So you can find all the details on how to do this here
2:21 at mongodb.com/manual/administration/security-checklist. Now you're welcome to go over there and check that out, and I encourage you to do so,
2:29 but we're going to go through each of the yellow steps here. We're not going to talk about auditing, but everything else pretty much,
2:33 and encryption at rest, we're also not going to do that; everything else we're going to do as part of this chapter.
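As an added illustration (not part of the course transcript), here are two mongod.conf fragments: the first is the wide-open default the lecture warns about, the second applies the checklist items this chapter covers (local-only listener, access control, TLS on the wire, logging). The certificate path and log path are assumed placeholders.

```yaml
# Added example, not from the course. Two alternative mongod.conf files,
# separated by "---" so they fit in one listing; use only one of them.

# --- WEAK: "listen on 0.0.0.0" with no access control ---
# Any host that can reach port 27017 gets full, unauthenticated access.
net:
  bindIp: 0.0.0.0             # every network interface
  port: 27017
security:
  authorization: disabled     # no users, no authentication required

---
# --- HARDENED: the checklist applied ---
net:
  bindIp: 127.0.0.1           # limit network exposure: local clients only
  port: 27017                 # (e.g. the Flask/Eve app running on this host)
  tls:
    mode: requireTLS          # encrypt communication on the wire
    certificateKeyFile: /etc/ssl/mongodb.pem   # assumed path: PEM with cert + key
security:
  authorization: enabled      # enable access control: create users, require auth
storage:
  engine: wiredTiger          # default engine; at-rest encryption is Enterprise-only
systemLog:
  destination: file           # set up logging
  path: /var/log/mongodb/mongod.log   # assumed path
  logAppend: true
```

With authorization enabled, the first user (the administrator in the admin database) must be created before remote-style logins work; everything else in the checklist, including mongodump backups, is covered in the rest of this chapter.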