MongoDB User creation: localhost exception
If we create a user in mongos (the router), we can authenticate to the mongod instances (replica set/shard members; in the case of a shard, the user should have the 'clusterAdmin' role) using that user. But we can still connect directly to the mongod instances through the localhost exception without any username/password.
To avoid this vulnerability, either create the same user on every other mongod or disable the localhost exception. For more details, see localhost_auth_bypass_link
To disable the localhost exception, use setParameter to set the enableLocalhostAuthBypass parameter to 0 during startup.
mongod --setParameter enableLocalhostAuthBypass=0
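Since the gap described above is per-member (the router being locked down says nothing about each mongod), a defender wants to check every member, not just mongos. The script below is an added example, not part of the original note: it reads enableLocalhostAuthBypass from each listed mongod with getParameter and flags members still at the default (true). It assumes mongosh is on PATH, that MONGO_OPTS carries whatever credentials getParameter needs (e.g. "-u admin -p ... --authenticationDatabase admin"), and the member names and sample reply are constructed.

```shell
#!/bin/sh
# Added example, not from the original note: audit every mongod member of a
# replica set or sharded cluster (not only the mongos) for the localhost
# exception, by reading enableLocalhostAuthBypass with getParameter.
# Assumptions: `mongosh` is on PATH and MONGO_OPTS carries the credentials it
# needs (e.g. "-u admin -p ... --authenticationDatabase admin").

# Decide from a getParameter reply whether the bypass is disabled.
# Accepts mongosh's unquoted-key output as well as strict JSON.
# Returns 0 = disabled, 1 = enabled (the default), 2 = unparseable.
bypass_state() {
    norm=$(printf '%s' "$1" | tr -d ' "\n\t')
    case "$norm" in
        *enableLocalhostAuthBypass:false[,}]*|*enableLocalhostAuthBypass:0[,}]*) return 0 ;;
        *enableLocalhostAuthBypass:true[,}]*|*enableLocalhostAuthBypass:1[,}]*) return 1 ;;
        *) return 2 ;;
    esac
}

# Ask one member (host:port) for the parameter; prints the reply as JSON.
query_member() {
    # shellcheck disable=SC2086  # MONGO_OPTS is intentionally word-split
    mongosh --quiet $MONGO_OPTS "mongodb://$1/admin" \
        --eval 'JSON.stringify(db.adminCommand({getParameter: 1, enableLocalhostAuthBypass: 1}))'
}

# Audit a list of members; exit status is non-zero if any member still
# allows the unauthenticated localhost bypass or could not be checked.
audit_members() {
    rc=0
    for member in "$@"; do
        reply=$(query_member "$member" 2>/dev/null) || { echo "$member: unreachable or authentication failed"; rc=1; continue; }
        state=0; bypass_state "$reply" || state=$?
        case "$state" in
            0) echo "$member: localhost exception disabled" ;;
            1) echo "$member: localhost exception ENABLED (enableLocalhostAuthBypass=true)"; rc=1 ;;
            *) echo "$member: unexpected reply: $reply"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed reply from an unhardened member, used when no hosts are given.
SAMPLE_DEFAULT='{ "enableLocalhostAuthBypass" : true, "ok" : 1 }'

if [ "$#" -gt 0 ]; then
    audit_members "$@"          # e.g. rs0-a:27017 rs0-b:27017 shard1-a:27018
else
    bypass_state "$SAMPLE_DEFAULT" || echo "sample member: state $? (1 = bypass enabled)"
fi
```

Run it with every replica set and shard member (host:port) as arguments; a non-zero exit means at least one member still needs `--setParameter enableLocalhostAuthBypass=0` or the shared user created on it.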