MongoDB with Async Python Transcripts
Chapter: Deployment
Lecture: Adding Authentication to MongoDB
Login or
purchase this course
to watch this video and the rest of the course contents.
0:00
So we got our settings sent. We were able to test connecting to the server. We haven't turned on SSL yet,
0:07
so we're gonna come back and do that in a second. Here, we're gonna need that command when we do. But the thing we wanna do now
0:14
is create a turn-on authentication. And so in order to turn on authentication, we have to have a user. The way we do that is, when I say use admin,
0:23
and we run this long command, which we will run over here. So back to the server. Right now we're just on this test DB, but we'll say use admin.
0:35
Notice the prompt changed there. Then I'm gonna go back, change the username and password. These are meant to be placeholders. So I'll call this
0:46
HiPI DBA or database user. And this one, I have a command I can run here that'll just create some UUID and copy it to the clipboard.
1:02
So we'll make that the password. So we have a user, great. How do we turn it on? We have to go back to that config file
1:12
that we were messing with before. We're gonna run nano, just remember hit N, up arrow. It's glorious. Down here.
1:22
We wanna go to the security section and say enabled. So security, enabled. Great. And while we're here, let's go ahead and do our SSH,
1:37
our SSL certificate rather. So we'll copy this section over. It's under the, oops, it's under the net section.
1:48
All right there. We have SSL, require SSL, and then this is the one that we generated in the script we just talked about.
1:55
about it. Okay, write that. Don't forget to restart Mongo. No errors. That's a good deal.
2:02
Check out the status. Yep, still running. So the final thing to do is let's try that
2:08
Mongo connection again. Trying to connect and it should fail. Nope, that sure didn't
2:16
work. And that's because we're not telling it it's allowed to use --TLS, which is SSL. We try this, it should still not work.
2:29
Looks like it's not going to because we need to tell it that the SSL certificate
2:36
or the TLS certificate is not a globally trusted one like you might set up for
2:40
your website through Let's Encrypt or SSL.com. We just made it ourself but as long as we trust ourselves it's fine.
2:49
Okay, so now it connected. Fantastic. Let's see what we can do. Show DBs. Nope, that requires
2:58
authentication. Use admin. Show collections. Nope, that requires authentication. So you
3:04
can't really do anything. It might look like we did something here. This use admin, but
3:09
it just changes when you issue commands like DB dot whatever, what it will be directed
3:15
that it didn't actually talk to the server to do that. Okay, so yep, can't really do
3:21
anything and we have to have access over SSL. Perfect. So the final thing to do is exit back into the shell and run this command.
3:35
It is now a four, I believe. With the port, the user is pypi-database, a user and that password is the UUID I created,
3:52
which is this. And the authentication database is admin. Woo! We're in and it's starting to tell us stuff again. And that looks good.
4:03
So what can we do? We could say, use admin, show collections. Perfect, looks like it works. So we've got our SSL, our encrypt communication,
4:16
and our use authentication and require authentication to do things. Like for example, interact with the database in any way.
4:25
So here's the great long command again, you're gonna need to change that to be whatever you actually have on your server you set up here,
4:34
and as well as the username and password if you don't use exactly what I did. Then you should be up and running.