MongoDB for Developers with Python Transcripts
Chapter: Deploying MongoDB in production (and playing it safe)
Lecture: Warning: Action required
0:01 You've learned almost everything you need to know about MongoDB
0:04 to work with it, to make it fast, to access it from things like MongoEngine.
0:07 The last thing is to actually put it into production,
0:11 to use MongoDB in production to set up our applications,
0:14 to talk to a secured version of MongoDB, all of those things.
0:18 So we're going to focus on two main areas,
0:21 one deploy MongoDB for production servers, two, doing that safely.
0:25 So far, what we've been doing is we've been running our web app,
0:30 or script, our little test app, whatever it is that we're going to be building,
0:34 a little thing we even playing with, and that's the blue thing here,
0:37 and we've been running it and talking to MongoDB on our local machine,
0:40 probably our laptop, and we've been just on the local loop back,
0:44 127.0.0.1, talking to MongoDB, and I have gone on and on
0:49 about how you must not listen on another ip address on your local dev machine,
0:55 take that thing to a coffee shop or worse, to like a big hotel
0:59 where there's a tech conference, god forbid, black hat or something going on
1:04 and that thing will be in some serious, serious trouble right away.
1:08 By the way, did you know on your Mac that the firewall is off by default?
1:12 That's right off by default, that's crazy, but it is, so just another thing to consider,
1:18 layers and layers and layers, but assuming we're only listening
1:21 on local loopback we're pretty safe like this,
1:24 but we have been running without encryption and running without authentication,
1:29 MongoDB gave us a little warning when we connected
1:32 but you have to connect, you have to care, if you connect with code
1:35 and not with a shell, there is no warning it just works,
1:38 we're going to set up an entirely different thing
1:41 we're going to have a set of web front ends, fake web front ends,
1:44 we're not really going to write a website, but what would stand in for our website
1:49 and we're going to have our production MongoDb server,
1:51 and these things are going to talk to each other over
1:55 at least the file computing data center connection,
1:57 potentially farther than that, so we're going to have to open this thing up
2:01 and that means we need to add things like encryption,
2:04 we need to add authentication, firewall sorts of rules and things like that.
2:07 That's what we're going to talk about in this chapter.
2:10 This is a bit of a chore, right, this is not the default
2:14 unfortunately this is not the falling into the pit of success type of thing,
2:18 you have to work to get this set up correctly
2:21 so let me just give you some very recent warnings
2:24 this is not to tell you not to use MongoDB,
2:27 I use MongoDB for my production stuff, I love MongoDB
2:29 but you must use it carefully, it's like a sharp knife.
2:33 What I am about to show you is not meant to dissuade you in any way
2:36 but just to make sure you really have this burnt your mind
2:39 that you have to be careful when you're deploying stuff to production with MongoDB.
2:43 That said, check this out— here are some recent headlines
2:47 and you want your company and your data to be nowhere near them,
2:51 MongoDB databases are being hacked for ransom using ransomware
2:56 notice this is 2017, here's a little example, look at this,
3:00 show dbs, please read, use please read, show collections,
3:04 please read me do a little find on it and you get
3:08 your database is been hacked and encrypted
3:10 you have to send a bitcoin here to get it back
3:13 and chances are they will probably just throw away your data
3:15 and they'll take your bitcoin and yeah, good job,
3:17 okay, so here's another one, how about this
3:20 massive ransomware attack takes out 27 thousand MongoDB servers
3:24 terabytes and terabytes of data, the petabytes of data we're lost to the world,
3:28 so these are all not good things, right, you've lost your data
3:31 here is one more, two million recordings of families
3:34 imperiled by cloud connected toys crappy MongoDB
3:38 you don't want that anywhere near your business,
3:41 so this is a little bear thing here, that with a light on it
3:43 it connects to the internet and it connects to a service
3:47 and then the parent and the kid can like talk to each other
3:50 over the internet through the bear,
3:52 that was basically all that data in that exchange was done
3:55 entirely on a wide open MongoDB database with no account at all,
3:59 just hey here's the port, connect to it, go have fun.
4:03 All right, so the problem here is that MongoDB lets you listen
4:07 on the wide open internet without a usnername and password
4:10 and without encryption and that's the default.
4:13 What we're going to do it is we're going to add all those things
4:16 but you just wanted to be really clear
4:19 like this is not an optional step, we really need to do this
4:22 unless you're running this, like say you're running a website
4:24 and the database server is running the same machine as the web server
4:28 and it just talks over a local host
4:30 any other scenario use to be extremely careful
4:32 and we're going to go through all the steps necessary to get this working just right.