“Now I am not a security professional and I don’t pretend to play one on the internet” – Rick H.
Take this post with a grain of salt.
I’m preparing to launch one of my web applications, JSecademy. The backend of the application uses MongoDB as its datastore. This is a good enough option right now, since I’m not planning for this application to be the next great app that takes over the world. The goal is a simple one: bring you world-class JavaScript screencasts.
“My paying customers deserve the utmost best customer experience that I can deliver.” – Rick H.
Keeping this goal in mind, I need to be able to change values in the database on a production application. You might think your application could handle every possible request that a user might need or want. Wrong! Building software that resolves every request from your customers is probably the wrong software. Why? In simple terms, customers don’t really know what they want from you. What you need to do is show them, with a limited set of features.
Mongo offers a wide variety of administrator panels for editing and deleting records in the database. Depending on your requirements, some of them might be more useful than others. The one you will probably end up using at one point or another is the Robomongo client. The project is currently very unstable, since they are looking to raise $116,000 in their new campaign to keep the project alive; it stands at $11,996 as of this writing. If you would like to give a different administrator panel a go,
check out the list that the MongoDB team provides.
Now that you have selected a UI tool to use with your production database, it’s time to configure the production server to allow access to this tool. For this example I decided to use HumongouS.io. This UI tool is cloud based, which gives me access to the remote database from anywhere. That is the most practical option for me, since I’m typically in different parts of the world throughout the year; this could be different for you.
1. Set up the remote machine to block all connections to port 27017
One of the easiest ways to restrict access to a resource is to block all of the traffic going to it. On Linux you can accomplish this with iptables.
To block all traffic going to port 27017, use the following command.
2. Enable the remote machine to accept connections only from a set of specific IP addresses
It’s a good idea to allow your applications to talk to Mongo.
Next is the IP address that you want to allow access to this resource, which is port 27017.
The last part is to make all of these changes permanent in the operating system.
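The firewall part of steps 1 and 2 (block port 27017, allow a set of addresses, make it permanent) as one script. This is an added example, not the commands from the original post; the addresses, the script name and the Debian-style persistence path are assumptions. Run it as root, or with IPTABLES=echo to print the rules it would apply instead of applying them:

```shell
#!/bin/sh
# Added example (not from the original post): iptables rules that let only named
# source addresses reach TCP port 27017, then persist them. Run as root.
# Setting IPTABLES=echo prints the rules instead of applying them (handy for review).
set -eu

IPTABLES="${IPTABLES:-iptables}"
MONGO_PORT="${MONGO_PORT:-27017}"

# Apply the allow list, then the catch-all block. Rule order is the whole point:
# iptables evaluates INPUT top to bottom, so if the DROP were appended first,
# ACCEPT rules appended after it would never be reached.
restrict_mongo_port() {
    # The application running on the same box reaches mongod over loopback.
    "$IPTABLES" -A INPUT -i lo -p tcp --dport "$MONGO_PORT" -j ACCEPT
    # One ACCEPT per allowed source: your app servers and the admin UI's address
    # (an IPv4 address or CIDR block; the values passed by the caller are examples).
    for src in "$@"; do
        "$IPTABLES" -A INPUT -p tcp -s "$src" --dport "$MONGO_PORT" -j ACCEPT
    done
    # Everything else aimed at the Mongo port is dropped.
    "$IPTABLES" -A INPUT -p tcp --dport "$MONGO_PORT" -j DROP
}

# Show what is currently in place for the Mongo port; verify this before persisting.
show_mongo_rules() {
    "$IPTABLES" -S INPUT | grep -- "--dport $MONGO_PORT" || true
}

# Persist across reboots. Assumes Debian/Ubuntu with the iptables-persistent
# package, which loads /etc/iptables/rules.v4 at boot; on RHEL/CentOS 6 the
# equivalent is `service iptables save`.
persist_rules() {
    iptables-save > /etc/iptables/rules.v4
}

# Only apply when addresses are given on the command line, e.g.
#   ./mongo-firewall.sh 203.0.113.10 198.51.100.0/24
if [ "$#" -gt 0 ]; then
    restrict_mongo_port "$@"
    show_mongo_rules
    persist_rules
fi
```

Because a cloud-based tool such as HumongouS.io connects from its own servers, its outbound address(es) have to be on the allow list, not your laptop's. The script appends (`-A`), so run it against a chain that does not already hold a DROP for the port, or the new ACCEPT rules will sit below it and never match.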
3. Set up credentials with MongoDB
It’s also a good idea to enable authentication with MongoDB.
Find this line and enable authentication
Disable the HTTP interface
Create a user with the proper authentication
4. Connect with the client using credentials
Depending on which client you end up using, this will differ from client to client.
If you would like to test the connection from the command line, use this command.
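Steps 3 and 4 together: the two config settings to enable, a check that they are really in place, the user-creation commands, and the command-line connection test. This is an added example, not code from the original post. It assumes MongoDB 2.6/3.x with the YAML-style mongod.conf; the database, user and password values are placeholders:

```shell
#!/bin/sh
# Added example, not from the original post: mongod settings for step 3, a check
# that they are in place, the user-creation script, and the connection test of
# step 4. Database, user and password values are placeholders. Targets MongoDB
# 2.6/3.x (YAML config file).
set -eu

# The security-related settings for mongod.conf. `authorization: enabled` is the
# line to find and enable; `http.enabled: false` turns off the HTTP status
# interface (port 28017). Merge these into your existing config rather than
# replacing it, since the real file also holds storage and logging settings.
mongod_security_settings() {
    cat <<'EOF'
net:
  port: 27017
  http:
    enabled: false
security:
  authorization: enabled
EOF
}

# Line-oriented check of an existing config: returns 0 when both settings are
# present, 1 (with a warning on stderr) otherwise. Run it before restarting mongod.
check_mongod_conf() {
    conf="$1"; ok=0
    grep -Eq '^[[:space:]]*authorization:[[:space:]]*enabled' "$conf" \
        || { echo "WARN: security.authorization is not enabled in $conf" >&2; ok=1; }
    grep -Eq '^[[:space:]]*enabled:[[:space:]]*false' "$conf" \
        || { echo "WARN: net.http.enabled is not false in $conf" >&2; ok=1; }
    return "$ok"
}

# Emit the mongo shell commands that create an admin user plus a least-privilege
# application user. With authorization on and no users yet, mongod only allows
# the first user to be created from localhost (the "localhost exception"), so
# pipe this into `mongo` on the server itself:  user_creation_script ... | mongo
user_creation_script() {
    admin_user="$1"; admin_pw="$2"; app_db="$3"; app_user="$4"; app_pw="$5"
    cat <<EOF
db = db.getSiblingDB("admin");
db.createUser({ user: "$admin_user", pwd: "$admin_pw",
                roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] });
db = db.getSiblingDB("$app_db");
db.createUser({ user: "$app_user", pwd: "$app_pw",
                roles: [ { role: "readWrite", db: "$app_db" } ] });
EOF
}

# Step 4 from the command line: authenticate as the application user and ask the
# server who it thinks we are. connectionStatus reports the authenticated user
# and roles, which confirms the credentials actually took effect. When typing
# this by hand, leave the value after -p out and the shell prompts for it, which
# keeps the password out of your shell history and the process list.
test_connection() {
    host="$1"; app_db="$2"; app_user="$3"; app_pw="$4"
    mongo --host "$host" --port 27017 -u "$app_user" -p "$app_pw" \
          --authenticationDatabase "$app_db" "$app_db" \
          --eval 'printjson(db.runCommand({ connectionStatus: 1 }))'
}

# Example run (only when a config path is given):  ./mongo-auth.sh /etc/mongod.conf
if [ "$#" -gt 0 ]; then
    if check_mongod_conf "$1"; then
        echo "$1 already has authorization enabled and the HTTP interface disabled"
    else
        echo "merge these settings into $1, then restart mongod:" >&2
        mongod_security_settings >&2
    fi
fi
```

Create the users before you restart with authorization enabled if you can; if you restart first, the localhost exception still lets you create the first user, but only from a shell on the server, and it closes as soon as that user exists.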
5. Restart services
The last part is to apply all of these changes. All of your systems should have a startup service, meaning that if you restart the server everything starts up automatically. If you don’t have one (which you should), then just restart the database and carry on with your day.
Talk to you soon,
Rick H.