Eve: Building RESTful APIs with MongoDB and Flask Transcripts
Chapter: Appendix: Deploying MongoDB
Lecture: The MongoDB deployment checklist
0:00
Let's go through the MongoDB security checklist.
0:03
Now, most of these come from MongoDB,
0:05
but also from me personally, from my experience running the server.
0:09
I've run professional commercial websites
0:12
using MongoDB for many years, 5 or 6 years
0:14
and we've never had any problems, but you have to follow the rules.
0:17
Some of the rules include things like limit network exposure,
0:20
so this is always a good idea for databases
0:23
or anything else that listens on the internet,
0:26
if something doesn't need to talk to it, don't allow it to have an open connection.
0:30
Enable access control, that means add users and require them to authenticate,
0:36
this should really be the default, if I were king of MongoDB,
0:41
and I'm not, but if I were a king of MongoDB,
0:43
I would make a decree, a new rule that says
0:46
MongoDB is not allowed to listen on anything other than localhost,
0:50
unless it has access control enabled, period.
0:54
That's not the way it works right now though,
0:56
by default you can just say listen on 0.0.0.0
0:59
and it will, even if that's wide open, so that can be problematic,
1:04
so we're going to change that,
1:07
encrypt the communication, so certainly what goes on the wire
1:09
should be SSL-style encrypted,
1:12
but there is an option to encrypt the data at rest,
1:15
I think you have to get the enterprise version of MongoDB which is the paid version
1:20
this is not something I worry too much about
1:22
but if it's something that you were about,
1:24
you can encrypt the data at rest using the WiredTiger engine.
1:27
You can audit system activity, this is easy enough
1:32
turn on what's called a capped collection and turn on auditing
1:36
so it will keep some standard amount
1:39
obviously set up logging, all those types of things.
1:42
Back up, obviously you want to back up your data
1:46
this is production data, so back up, back up, back up, back up,
1:49
set up some way to back up and we'll see that there's two options
1:52
we can run a tool called mongodump which will just take a complete backup
1:56
and for a certain size of data, that could be pretty large actually
2:00
but for certain size that works fine,
2:03
at some point if you truly are working
2:05
with tremendous amounts of data that doesn't work so well
2:07
so there's various ways to set up replicas
2:09
that are like delayed or right on time, things like this
2:13
but back up, back up, back up, an important thing to do.
2:16
So you can find all the details on how to do this here
2:20
at mongodb.com/manual/administration/security-checklist
2:23
now you're welcome to go over there and check that out
2:25
and I encourage you to do so,
2:28
but we're going to go through each of the yellow steps here
2:30
we're not going to talk about auditing, but everything else pretty much
2:32
and encryption at rest, we're also not going to do that,
2:35
everything else we're going to do as part of this chapter.