In MongoDB, how are unauthorized access and changes to the database restricted? If only by login credentials, then is the data stored on storage media (HDD, SSD) encrypted?
MongoDB uses role-based access control to restrict the operations that users can perform. Authentication can be via challenge-response (simple username/password), x.509 certificates, or, with MongoDB Enterprise, via Kerberos or LDAP. MongoDB does not write data to the disk encrypted.

wdberkeley
-
So there can never be unauthorised changes to data? If not, then is there a way to roll back to the previous data value? – waheebyaqub Aug 31 '14 at 15:00
-
What do you mean "there can never be unauthorized changes to data"? Someone could log into the server and reformat the volume with the data files in it without logging into MongoDB. Someone could walk up to your server with a hammer and pummel your data into nothingness. What's the meaning of never and what's the meaning of unauthorized? – wdberkeley Aug 31 '14 at 20:46
-
Well, I didn't mean to use a hammer. Anyhow, you can get offline attacks on your database; someone can access the data without logging in to MongoDB (since it is not encrypted), but how do you make sure changes to data are authorised? Here is an example: imagine there is data about employee Y and his salary. Employee Y increases his salary by 10% illegally. The next time employee Y's data is retrieved using a MongoDB query, does it detect the illegal/unauthorised increase in employee Y's salary? For simplicity, consider only a single-server implementation of MongoDB with no replicas. – waheebyaqub Aug 31 '14 at 21:23
-
If employee Y can crack open the actual database files and circumvent the mongod process entirely and change the data without corrupting the files, then there's no way that mongod can detect that and it's unreasonable to expect it to be able to do so. – wdberkeley Sep 01 '14 at 01:34
-
I hope you don't mind, I am just trying to analyze MongoDB. Assume you have a deployment of MongoDB on a cluster of machines and replication is turned ON (for example, the replication factor is 3). Also consider the same Employee Y case given in the above comment; hence the database will end up in an inconsistent state. How will MongoDB become consistent from such a situation? I know you might say this can never happen, but I just wanna know. – waheebyaqub Sep 02 '14 at 08:20
-
It won't. Replication is based on oplog entries and times and won't check the state of the documents (directly). This might lead to noisy errors, silent errors, or OK operation depending on exactly what the state change was and what the server is doing. Don't mess with the data files. – wdberkeley Sep 02 '14 at 19:51
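
The comments above conclude that mongod cannot detect edits made directly to its data files. As an added example (not part of the original thread, and not a MongoDB feature), here is an application-level HMAC tag per document, verified on read. The `_hmac` field name, the key, and the sample employee document are constructed for illustration, and the key is assumed to be stored away from the database host.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: the real key is held by the application
# (e.g. in a secrets manager), never on the host that stores the data files.
INTEGRITY_KEY = b"constructed-demo-key-not-for-production"
TAG_FIELD = "_hmac"  # hypothetical field name for the integrity tag


def canonical_bytes(doc):
    """Serialize a document deterministically, excluding the tag itself.

    Assumption: values are JSON-serializable; BSON-only types such as
    ObjectId or datetime would need an explicit encoding first.
    """
    body = {k: v for k, v in doc.items() if k != TAG_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(doc, key=INTEGRITY_KEY):
    """Return a copy of doc carrying an HMAC-SHA256 tag over all its fields."""
    tag = hmac.new(key, canonical_bytes(doc), hashlib.sha256).hexdigest()
    return {**doc, TAG_FIELD: tag}


def verify(doc, key=INTEGRITY_KEY):
    """True only if the tag is present and matches the current field values."""
    tag = doc.get(TAG_FIELD)
    if not isinstance(tag, str):
        return False
    expected = hmac.new(key, canonical_bytes(doc), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


def demo():
    """Seal employee Y's record, then simulate an out-of-band salary edit."""
    stored = seal({"_id": 42, "employee": "Y", "salary": 50000})
    ok_before = verify(stored)
    tampered = dict(stored, salary=55000)  # changed without the key
    return ok_before, verify(tampered)


if __name__ == "__main__":
    print(demo())
```

This detects a changed field only when the reader verifies the tag. It does not detect a deleted document or an older sealed copy of the same document being put back.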