MongoDB with Async Python Transcripts
Chapter: Deployment
Lecture: Don't Do What These Companies Did with MongoDB
0:00
To set the stage for deploying and securing our MongoDB server, let me just give you a little bit of a warning.
0:08
Now, this is clearly not meant to dissuade you. I'm a huge MongoDB fan. I've been using it in production for a long time. It's awesome.
0:17
But you can set it up wrong, just like working with S3. You've heard about all sorts of problems people have had
0:24
by turning off some of the access controls and things there. Similarly, if you don't go through the steps correctly, there are big problems.
0:33
But if you do, awesome. So here are a few ways where working with MongoDB can go a little bit wrong. Here's an article, it's a little bit older, from 2017.
0:42
I think that's relevant. MongoDB has made a lot of the defaults better, but MongoDB database systems are being hacked for ransom
0:49
using ransomware something or other. Here's another one, MongoDB ransomware compromises double in a single day. You can see right here that it says,
1:00
your database is backed up on our servers. Send one Bitcoin to this address. Probably it's not backed up, probably it's just deleted,
1:07
but you never know, right? Terrible. Massive ransomware attack takes out 27,000 MongoDB servers. These are not ideal, right? All from 2017.
1:19
Here's another. Two million recordings of families imperiled by cloud-connected toys' crappy MongoDB.
1:25
And by crappy, what they mean is no username, no password. That's true for all of these. This is not some kind of security vulnerability in MongoDB.
1:33
Definitely not. This is just people putting MongoDB on the public internet with no access control whatsoever. And if you can find the port,
1:42
then you just connect to it with Studio 3T Free or Mongo Shell or whatever you wanna connect to it with and you have full admin access to it.
1:52
Terrible ideas, don't do that. So in the next few videos, we're going to talk about how to not do this, but to put
1:59
our MongoDB up in a very secure and proper way. It's not hard, it just takes a little bit of knowledge, hence this chapter.