From 04dcb56d9b0cc8b586e0a91e8850f91bce9bd065 Mon Sep 17 00:00:00 2001 From: MAXOUXAX <24844231+MAXOUXAX@users.noreply.github.com> Date: Sat, 29 Oct 2022 15:01:47 +0200 Subject: [PATCH] docs: updated MongoDB readme to add some notes about security --- database/nosql/mongodb/README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/database/nosql/mongodb/README.md b/database/nosql/mongodb/README.md index 9ae29218..931de79b 100644 --- a/database/nosql/mongodb/README.md +++ b/database/nosql/mongodb/README.md 
@@ -8,6 +8,25 @@ MongoDB is a general purpose, document-based, distributed database built for mod To disable the message about free monitoring you can run `db.disableFreeMonitoring()`. +## Security + +By default, MongoDB **does not enforce access control**, meaning that even if you set an admin username and password in the settings of your Pterodactyl server, **anyone will be able to connect to the database without authentication**, and perform any operation. + +> :warning: This is why we recommend to expose your MongoDB database only to your local network, if possible + +### Notes specific to the MongoDB 6 egg + +The [MongoDB 6 egg](./egg-mongo-d-b6.json) enables access control by default in the `mongod.conf` file, meaning that even if people will be able to connect to your database as guests, [they will not be able to perform any operation, apart from nonhazardous commands](https://dba.stackexchange.com/a/292175) + +### :warning: If you know what you are doing, and you really want to disable access control, you can do so by editing the `mongod.conf` file + +```yaml +security: + authorization: "disabled" +``` + +> To learn more about MongoDB security, you can read the [MongoDB Security Checklist](https://www.mongodb.com/docs/manual/administration/security-checklist/#security-checklist) + ## Minimum RAM warning MongoDB requires approximately 1GB of RAM per 100.000 assets. If the system has to start swapping memory to disk, this will have a severely negative impact on performance, and should be avoided.
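Review bot: The new Security section shows only how to turn access control off (the `security:` / `authorization: "disabled"` snippet at the end of the hunk) and never how to turn it on for the eggs where, per its first paragraph, it is not enforced. Readers on those eggs are told that anyone can connect without authentication, but the only mitigation offered is the local-network recommendation. Consider adding the `authorization: "enabled"` counterpart right after that paragraph, and keep the "disabled" snippet clearly scoped to the MongoDB 6 egg. The MongoDB 6 paragraph also says guests "will be able to connect", so it is worth stating that the network-exposure recommendation still applies there. On style, the `### :warning: If you know what you are doing...` line is a full sentence used as a heading and will show up in the rendered outline and anchors; a blockquote like the other warning would be consistent. "We recommend to expose" reads better as "we recommend exposing".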