I am using the same connection string on local and production. When the connection string is mongodb://localhost/mydb
What are the user and password ? Is it secure to keep it this way ?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
By default mongodb has no enabled access control, so there is no default user or password.
To enable access control, use either the command line option --auth or security.authorization configuration file setting.
You can use the following procedure or refer to Enabling Auth in the MongoDB docs.
Procedure
Start MongoDB without access control.
mongod --port 27017 --dbpath /data/db1Connect to the instance.
mongo --port 27017Create the user administrator.
use admin db.createUser( { user: "myUserAdmin", pwd: "abc123", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )Re-start the MongoDB instance with access control.
mongod --auth --port 27017 --dbpath /data/db1Authenticate as the user administrator.
mongo --port 27017 -u "myUserAdmin" -p "abc123" \ --authenticationDatabase "admin"
回答2:
In addition with what @Camilo Silva already mentioned, if you want to give free access to create databases, read, write databases, etc, but you don't want to create a root role, you can change the 3rd step with the following:
use admin db.createUser( { user: "myUserAdmin", pwd: "abc123", roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "dbAdminAnyDatabase", db: "admin" }, { role: "readWriteAnyDatabase", db: "admin" } ] } ) 回答3:
For MongoDB earlier than 2.6, the command to add a root user is addUser (e.g.)
db.addUser({user:'admin',pwd:'<password>',roles:["root"]})