2

I have installed MongoDB in my computer. I did't define any password and username for the installation. I can see everything with Robo 3T. Now I want to protect my database. I have tried to set authentication for the database. I followed https://docs.mongodb.com/manual/tutorial/enable-authentication/ . It did not work. I still can reach mongodb with robo 3t and see all information. I have also tried to start mongodb with --auth parameter. I have define a configuration file looks like And for starting mongodb

mongod -f C:\mongodb\conf\mongodb.conf

Mongodb has been started but, it did not ask any pass. And I can save simple data with Postman without authentication.

What I want to do:

  1. Protect my database against Robo 3t. :))
  2. I dont want to save any data without auth.
  3. Building Nodejs connection string that include pass like mysql://root:password@localhost:port/dbName

Here is my Nodejs index.js code

indexjs this is my model.

usermodel

PS: I am very new in Nodejs and Mongodb.

EDIT: inside conf file enter image description here

userAsk
  • 125
  • 1
  • 8
  • what's in C:\mongodb\conf\mongodb.conf? anything interesting in the log? – Joe Jan 11 '19 at 00:45
  • @Joe you can define a configuration file and run it. – userAsk Jan 11 '19 at 00:46
  • I realize that, I was asking if you can show it to us – Joe Jan 11 '19 at 00:47
  • I have added image – userAsk Jan 11 '19 at 00:49
  • the log should also indicate `authorization:enabled` in its options message when the server starts up. If that's not there you may just need to restart mongod – Joe Jan 11 '19 at 00:51
  • @Joe, Mongodb work fine with this configuration. Butr it dont ask me any password or something like that. I can put user with Postman(its a program). And it don't ask me any authorisation. Everybody can push data, see data, change data. I dont want have it like that. I want to meke it secure. – userAsk Jan 11 '19 at 00:54
  • Understood. To make mongod require credentials, it must have authorization enabled in the running instance. In order to verify the running instance has it enabled, you need to look at the log. – Joe Jan 11 '19 at 01:06

0 Answers0