MongoDB for Developers with Python Transcripts
Chapter: Deploying MongoDB in production (and playing it safe)
Lecture: Warning: Action required
Login or
purchase this course
to watch this video and the rest of the course contents.
0:01
You've learned almost everything you need to know about MongoDB to work with it, to make it fast, to access it from things like MongoEngine.
0:08
The last thing is to actually put it into production, to use MongoDB in production to set up our applications,
0:15
to talk to a secured version of MongoDB, all of those things. So we're going to focus on two main areas,
0:22
one deploy MongoDB for production servers, two, doing that safely. So far, what we've been doing is we've been running our web app,
0:31
or script, our little test app, whatever it is that we're going to be building, a little thing we even playing with, and that's the blue thing here,
0:38
and we've been running it and talking to MongoDB on our local machine, probably our laptop, and we've been just on the local loop back,
0:45
127.0.0.1, talking to MongoDB, and I have gone on and on about how you must not listen on another ip address on your local dev machine,
0:56
take that thing to a coffee shop or worse, to like a big hotel where there's a tech conference, god forbid, black hat or something going on
1:05
and that thing will be in some serious, serious trouble right away. By the way, did you know on your Mac that the firewall is off by default?
1:13
That's right off by default, that's crazy, but it is, so just another thing to consider,
1:19
layers and layers and layers, but assuming we're only listening on local loopback we're pretty safe like this,
1:25
but we have been running without encryption and running without authentication, MongoDB gave us a little warning when we connected
1:33
but you have to connect, you have to care, if you connect with code and not with a shell, there is no warning it just works,
1:39
we're going to set up an entirely different thing we're going to have a set of web front ends, fake web front ends,
1:45
we're not really going to write a website, but what would stand in for our website and we're going to have our production MongoDb server,
1:52
and these things are going to talk to each other over at least the file computing data center connection,
1:58
potentially farther than that, so we're going to have to open this thing up and that means we need to add things like encryption,
2:05
we need to add authentication, firewall sorts of rules and things like that. That's what we're going to talk about in this chapter.
2:11
This is a bit of a chore, right, this is not the default unfortunately this is not the falling into the pit of success type of thing,
2:19
you have to work to get this set up correctly so let me just give you some very recent warnings this is not to tell you not to use MongoDB,
2:28
I use MongoDB for my production stuff, I love MongoDB but you must use it carefully, it's like a sharp knife.
2:34
What I am about to show you is not meant to dissuade you in any way but just to make sure you really have this burnt your mind
2:40
that you have to be careful when you're deploying stuff to production with MongoDB. That said, check this out— here are some recent headlines
2:48
and you want your company and your data to be nowhere near them, MongoDB databases are being hacked for ransom using ransomware
2:57
notice this is 2017, here's a little example, look at this, show dbs, please read, use please read, show collections,
3:05
please read me do a little find on it and you get your database is been hacked and encrypted you have to send a bitcoin here to get it back
3:14
and chances are they will probably just throw away your data and they'll take your bitcoin and yeah, good job,
3:18
okay, so here's another one, how about this massive ransomware attack takes out 27 thousand MongoDB servers
3:25
terabytes and terabytes of data, the petabytes of data we're lost to the world, so these are all not good things, right, you've lost your data
3:32
here is one more, two million recordings of families imperiled by cloud connected toys crappy MongoDB you don't want that anywhere near your business,
3:42
so this is a little bear thing here, that with a light on it it connects to the internet and it connects to a service
3:48
and then the parent and the kid can like talk to each other over the internet through the bear,
3:53
that was basically all that data in that exchange was done entirely on a wide open MongoDB database with no account at all,
4:00
just hey here's the port, connect to it, go have fun. All right, so the problem here is that MongoDB lets you listen
4:08
on the wide open internet without a usnername and password and without encryption and that's the default.
4:14
What we're going to do it is we're going to add all those things but you just wanted to be really clear
4:20
like this is not an optional step, we really need to do this unless you're running this, like say you're running a website
4:25
and the database server is running the same machine as the web server and it just talks over a local host
4:31
any other scenario use to be extremely careful and we're going to go through all the steps necessary to get this working just right.