By default, MongoDB **does not enforce access control**, meaning that even if you set an admin username and password in the settings of your Pterodactyl server, **anyone will be able to connect to the database without authentication**, and perform any operation.
> :warning: This is why we recommend to expose your MongoDB database only to your local network, if possible
To enable authentification, you need to edit the following lines to your `mongod.conf` file:
```yaml
security:
authorization: "enabled"
```
> :closed_lock_with_key: To learn more about MongoDB security, you can read the [MongoDB Security Checklist](https://www.mongodb.com/docs/manual/administration/security-checklist/#security-checklist)
**The [MongoDB 6 egg](./egg-mongo-d-b6.json) or [MongoDB 7 egg](./egg-mongo-d-b7.json) enables access control by default** in the `mongod.conf` file, meaning that even if people will be able to connect to your database as guests, [they will not be able to perform any operation, apart from nonhazardous commands](https://dba.stackexchange.com/a/292175)
MongoDB requires approximately 1GB of RAM per 100.000 assets. If the system has to start swapping memory to disk, this will have a severely negative impact on performance, and should be avoided.