MongoDB for Developers with Python Transcripts
Chapter: Deploying MongoDB in production (and playing it safe)
Lecture: Warning: Action required
0:01
You've learned almost everything you need to know about MongoDB
0:04
to work with it, to make it fast, to access it from things like MongoEngine.
0:07
The last thing is to actually put it into production,
0:11
to use MongoDB in production to set up our applications,
0:14
to talk to a secured version of MongoDB, all of those things.
0:18
So we're going to focus on two main areas,
0:21
one, deploying MongoDB on production servers; two, doing that safely.
0:25
So far, what we've been doing is we've been running our web app,
0:30
or script, our little test app, whatever it is that we're going to be building,
0:34
a little thing we've been playing with, and that's the blue thing here,
0:37
and we've been running it and talking to MongoDB on our local machine,
0:40
probably our laptop, and we've been just on the local loopback,
0:44
127.0.0.1, talking to MongoDB, and I have gone on and on
0:49
about how you must not listen on another IP address on your local dev machine;
0:55
take that thing to a coffee shop or worse, to like a big hotel
0:59
where there's a tech conference, god forbid, Black Hat or something going on,
1:04
and that thing will be in some serious, serious trouble right away.
1:08
By the way, did you know on your Mac that the firewall is off by default?
1:12
That's right, off by default; that's crazy, but it is, so that's just another thing to consider,
1:18
layers and layers and layers, but assuming we're only listening
1:21
on local loopback, we're pretty safe like this,
1:24
but we have been running without encryption and running without authentication,
1:29
MongoDB gave us a little warning when we connected,
1:32
but you have to connect, you have to care; if you connect with code
1:35
and not with a shell, there is no warning, it just works.
1:38
We're going to set up an entirely different thing:
1:41
we're going to have a set of web front ends, fake web front ends,
1:44
we're not really going to write a website, but something that would stand in for our website,
1:49
and we're going to have our production MongoDB server,
1:51
and these things are going to talk to each other over
1:55
at least the file computing data center connection,
1:57
potentially farther than that, so we're going to have to open this thing up
2:01
and that means we need to add things like encryption,
2:04
we need to add authentication, firewall sorts of rules, and things like that.
2:07
That's what we're going to talk about in this chapter.
2:10
This is a bit of a chore, right? This is not the default;
2:14
unfortunately this is not the falling-into-the-pit-of-success type of thing,
2:18
you have to work to get this set up correctly,
2:21
so let me just give you some very recent warnings.
2:24
This is not to tell you not to use MongoDB;
2:27
I use MongoDB for my production stuff, I love MongoDB,
2:29
but you must use it carefully, it's like a sharp knife.
2:33
What I am about to show you is not meant to dissuade you in any way
2:36
but just to make sure you really have this burnt into your mind
2:39
that you have to be careful when you're deploying stuff to production with MongoDB.
2:43
That said, check this out: here are some recent headlines,
2:47
and you want your company and your data to be nowhere near them,
2:51
MongoDB databases are being hacked for ransom using ransomware
2:56
notice this is 2017. Here's a little example, look at this:
3:00
show dbs, please read, use please read, show collections,
3:04
please read me, do a little find on it, and you get
3:08
your database has been hacked and encrypted,
3:10
you have to send a bitcoin here to get it back
3:13
and chances are they will probably just throw away your data
3:15
and they'll take your bitcoin and yeah, good job,
3:17
okay, so here's another one, how about this:
3:20
massive ransomware attack takes out 27 thousand MongoDB servers
3:24
terabytes and terabytes of data, petabytes of data were lost to the world,
3:28
so these are all not good things, right? You've lost your data.
3:31
Here is one more: two million recordings of families
3:34
imperiled by cloud-connected toys' crappy MongoDB.
3:38
You don't want that anywhere near your business.
3:41
So this is a little bear thing here, with a light on it;
3:43
it connects to the internet and it connects to a service,
3:47
and then the parent and the kid can, like, talk to each other
3:50
over the internet through the bear.
3:52
Basically, all that data in that exchange was done
3:55
entirely on a wide-open MongoDB database with no account at all,
3:59
just hey here's the port, connect to it, go have fun.
4:03
All right, so the problem here is that MongoDB lets you listen
4:07
on the wide open internet without a username and password
4:10
and without encryption and that's the default.
4:13
What we're going to do is we're going to add all those things,
4:16
but I just want to be really clear:
4:19
this is not an optional step, we really need to do this,
4:22
unless you're running this, like, say you're running a website
4:24
and the database server is running on the same machine as the web server
4:28
and it just talks over localhost.
4:30
In any other scenario you need to be extremely careful,
4:32
and we're going to go through all the steps necessary to get this working just right.