In this post, I would share about the approach I have taken to create users in MongoDB, for a secure Database Server.

What Will I Learn?

• MongoDB terminal to add new user
• Start a MongoDB server with authentication

Requirements

• MongoDB installed
• Basic CRUD operation in MongoDB
• Basic understanding of Node.js and JavaScript

Difficulty

Advanced

Tutorial Contents

Adding security to MongoDB

Create User in MongoDB

Creating users for the database and assign roles for the users are the most common approach of setting up security to any DataBase.

This method allows an admin to control other user's permission.

Step 1: Entering a database

show dbs, to show the current available database.

Then, choose the database that you want to add user. For my case, I will run use mongotutorial.

Step 2: Create a user

To check current available user, run db.getUsers();

Then, create user with

> db.createUser(
{
  user: "johnson",
  pwd: "password123",
  roles: [
    { role: "userAdmin", db: "mongotutorial"}
  ]
});

Where the user means the username for the User, pwd is the password which will then being encrypted, and roles to set permission for the User.

The type of roles available can be refer to MongoDB official website

Run db.getUsers(); to check wether the user is created.

The return data:

[
  {
    "_id" : "mongotutorial.johnson",
    "user" : "johnson",
    "db" : "mongotutorial",
    "roles" : [
      {
        "role" : "userAdmin",
        "db" : "mongotutorial"
      }
    ]
  }
]

Based on the return data, _id shows that johnson is referring to mongotutorial database.

Step 3: Start MongoDB with Authentication

Previously, the way we started mongo is with just mongod. Instead of starting with mongod, add in a few configuration to make it authenticate.

Starting an authenticate MongoDB is crucial for the sake of security.

The command that you use is:

> mongod --auth

• --auth - Start a server with authentication.
• --fork (optional) - To run mongod on background.
• --logpath <location> (optional, required when use with fork) - Define where to store logs.
• --dbpath <location> (optional) - in case you want to specify the database path.

In another terminal, run mongo. When you try to use command like show dbs, it will show that you are not authenticate.

To authenticate yourself, first go to the database mongotutorial, and run db.auth();.

> use mongotutorial;
> db.auth("johnson", "password123");
> db.getUsers();

As you can see, the db.getUsers() are able to query out data, means that the user are authenticated.

Final thoughts

Security are always the first priority when the database is being used in production. Setting up user roles, allows admin to control the database permission.

In the next tutorial, I will talk about use of regex and Map-Reduce in MongoDB.

Curriculum

• Getting Started with MongoDB
• MongoDB: CRUD operation in console and introduction to mongoose.js
• Using Indexes to Increase performance with MongoDB Query
• Aggregation with MongoDB (Comparison with SQL)
• Data modeling and Relationship in MongoDB

---

Posted on Utopian.io - Rewarding Open Source Contributors

---