mongoDB

Simple installation of MongoDB on Windows with security/authorization

If you want a simple installation of MongoDB on your Windows server, but still want it secured so that it does not accept outside connections without a username and password, you have come to the right place. In this post, I will step through how to set up your database to run as a service with authorization. For setting up replica sets and so on, you can read this post.

MongoDB runs without authorization by default, and even if you set a password for your database login, your server will still be open to attack.

Back in January 2017 there was a huge global attack on MongoDB servers, in which the attackers deleted all the databases they found and demanded Bitcoins to restore them.

I will show you 2 simple steps to make sure you are safe from that kind of attack.

First of all, let’s get the MongoDB server running as a service, and then add authorization afterwards.

1.  Download MongoDB as a zip file from here; I will pick the version “win32/mongodb-win32-x86_64-2008plus-v3.2-latest.zip”

2.  Create a folder on your C drive “c:\mongodb-3.2” and add the bin folder from the zip file you downloaded.

3.  Create the folders data and log in your folder.

4.  Create a file “mongod.cfg” in your folder and add this:

systemLog:
 destination: file
 path: c:\mongodb-3.2\log\mongod.log
storage:
 dbPath: c:\mongodb-3.2\data
net:
 port: 27017

5.  Create the service from a cmd prompt: sc.exe create MongoDB binPath= "\"C:\mongodb-3.2\bin\mongod.exe\" --service --config=\"C:\mongodb-3.2\mongod.cfg\"" DisplayName= "MongoDB" start= "auto"

6.  Start the service from a cmd prompt: “net start MongoDB”

7.  You can check that MongoDB is running by connecting to the shell; from a cmd prompt, type: “c:\mongodb-3.2\bin\mongo.exe”

If you don’t have any tools for administering MongoDB, I recommend this free tool: Robomongo

To enable authorization, you simply have to:

1. Create a user (replace "password" below with a strong password of your own)

use admin
db.createUser(
   {
     user: "admin",
     pwd: "password",
     roles:
       [
         { role: "root", db: "admin" }
       ]
   }
)

2. Enable authorization in your config file

systemLog:
 destination: file
 path: c:\mongodb-3.2\log\mongod.log
storage:
 dbPath: c:\mongodb-3.2\data
net:
 port: 27017
security:
 authorization: enabled
setParameter:
 enableLocalhostAuthBypass: false

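Then restart your MongoDB service so the new settings take effect. From then on, clients have to log in with a username and password before they can use the database.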
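To confirm that a given mongod.cfg really carries both settings from step 2, the check below parses the file and reports what is missing. It is an added example, not code from the original post; `parse_cfg` and `audit` are hypothetical names, and the parser handles only the nested `key: value` layout used here, not full YAML.

```python
# Added example (not from the original post): audit a mongod.cfg for the two
# hardening settings the post enables. Sample configs are constructed from it.
REQUIRED = [  # (section, key, wanted value, risk when absent or different)
    ("security", "authorization", "enabled",
     "no access control: any client that reaches the port has full access"),
    ("setParameter", "enableLocalhostAuthBypass", "false",
     "localhost exception stays available while no users exist"),
]

def parse_cfg(text):  # parses the nested 'key: value' YAML subset of mongod.cfg
    root = {}
    stack = [(-1, root)]                     # (indent, mapping) of open sections
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue                         # blank line or comment
        indent = len(raw) - len(raw.lstrip())
        # Split on the first colon only, so a Windows drive path keeps its colon.
        key, _, value = (p.strip() for p in body.partition(":"))
        while stack[-1][0] >= indent:        # close sections at this depth or deeper
            stack.pop()
        parent = stack[-1][1]
        if value:
            parent[key] = value.strip("\"'")
        else:                                # a bare "section:" opens a mapping
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def audit(text):  # one finding per required setting that is absent or wrong
    cfg, findings = parse_cfg(text), []
    for section, key, wanted, risk in REQUIRED:
        sec = cfg.get(section)
        actual = sec.get(key) if isinstance(sec, dict) else None
        if str(actual).lower() != wanted:
            findings.append(f"{section}.{key}={actual} (want {wanted}): {risk}")
    return findings

# Constructed samples: the step 4 config, then the same file with auth enabled.
BEFORE = r"""systemLog:
 destination: file
 path: c:\mongodb-3.2\log\mongod.log
storage:
 dbPath: c:\mongodb-3.2\data
net:
 port: 27017
"""
AFTER = BEFORE + "security:\n    authorization: enabled\nsetParameter:\n   enableLocalhostAuthBypass: false\n"

if __name__ == "__main__":
    print("before:", audit(BEFORE), "\nafter:", audit(AFTER) or "OK")
```

To audit a real server, pass the contents of c:\mongodb-3.2\mongod.cfg to `audit`; an empty list means both settings are present.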

Thanks for reading