mirror of
https://github.com/parkervcp/eggs.git
synced 2024-11-26 07:52:56 +08:00
docs: updated MongoDB readme to add some notes about security
This commit is contained in:
parent
0df96b7d45
commit
04dcb56d9b
@ -8,6 +8,25 @@ MongoDB is a general purpose, document-based, distributed database built for mod
|
||||
|
||||
To disable the message about free monitoring you can run `db.disableFreeMonitoring()`.
|
||||
|
||||
## Security
|
||||
|
||||
By default, MongoDB **does not enforce access control**, meaning that even if you set an admin username and password in the settings of your Pterodactyl server, **anyone will be able to connect to the database without authentication**, and perform any operation.
|
||||
|
||||
> :warning: This is why we recommend to expose your MongoDB database only to your local network, if possible
|
||||
|
||||
### Notes specific to the MongoDB 6 egg
|
||||
|
||||
The [MongoDB 6 egg](./egg-mongo-d-b6.json) enables access control by default in the `mongod.conf` file, meaning that even if people will be able to connect to your database as guests, [they will not be able to perform any operation, apart from nonhazardous commands](https://dba.stackexchange.com/a/292175)
|
||||
|
||||
### :warning: If you know what you are doing, and you really want to disable access control, you can do so by editing the `mongod.conf` file
|
||||
|
||||
```yaml
|
||||
security:
|
||||
authorization: "disabled"
|
||||
```
|
||||
|
||||
> To learn more about MongoDB security, you can read the [MongoDB Security Checklist](https://www.mongodb.com/docs/manual/administration/security-checklist/#security-checklist)
|
||||
|
||||
## Minimum RAM warning
|
||||
|
||||
MongoDB requires approximately 1GB of RAM per 100.000 assets. If the system has to start swapping memory to disk, this will have a severely negative impact on performance, and should be avoided.
|
||||
|
Loading…
Reference in New Issue
Block a user