I want to setup basic authentication while connecting to the mongoDB database using my nodejs application.
Looked at the documentation for mongo image by specifying
environment:
- MONGO_INITDB_ROOT_USERNAME=admin
- MONGO_INITDB_ROOT_PASSWORD=pass
But this does not seem to work, when I use the connection string in nodejs (mongoose) as
mongodb://admin:pass#mongo:27017/myDatabase
I would just like to setup basic authentication to prevent any ransomware attacks like this :
Stackoverflow MongoDB Ransomware
MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD are used to setup superuser account to manage overall databases.
You can connect as admin permission using this connection string
mongodb://<MONGO_INITDB_ROOT_USERNAME>:<MONGO_INITDB_ROOT_PASSWORD>#mongo:27017 and create a database myDatabase, after that you also have to create user with
a role to allow query database.
For example
> use myDatabase
> db.createUser({user: "user", pwd: "user", roles:["dbOwner"]})
Then you can connect with this string
mongodb://user:user#mongo:27017/myDatabase
Related
Here is the architecture:
I have a MongoDB running on an EC2. When I ssh to the EC2 and run mongo dbname -u username -p password I am able to perform insert into the collection so that should mean that the user has permission in dbname to perform insert on collection
On the other side I have an AWS lambda, VPC is configured. When using mongodb.MongoClient to connect I am authenticated and client.isConnected() returns true but db.collection().insertOne(...) raises an error saying that I'm not authorized to perform action insert on dbname.
The connection string used to connect contains the same username and password used to connect to mongo shell.
I tried using the same options for connection to mongodb, but used mongoose instead and it didn't raise any errors
what is the connection string used?
can you try to simulate what the lambda is doing locally? can you try connecting with local mongo client to your db using the same connection string that your lambda use?
are you connecting to the right db? is your user setup on your custom db or on the default admin db? are your update rights setup on the right db?
I have an instance of Db2 on IBM Cloud. I would like to use my local CLP to connect to it. I set everything up to be able to connect using a username and password. Now, however, I would like to make use of either an APIKEY or ACCESSTOKEN as documented.
My attempts result in either
SQL30082N Security processing failed with reason "25" ("CONNECTION
DISALLOWED"). SQLSTATE=08001
or
SQL30082N Security processing failed with reason "24" ("USERNAME
AND/OR PASSWORD INVALID"). SQLSTATE=08001
I have successfully create an APIKEY and also was able to generate an access token using that API key. But what is needed to connect?
connect to clouddb ACCESSTOKEN "my long token here"
It was a matter of the right setup and correct steps:
IAM support only works with SSL connections
for SSL, I had to use the right port number (50001) and keywords (security ssl) when cataloging the node and database
my Db2 client required additional setup for GSKit and encryption key database
I wrote up a blog post with all the steps and a collection of error message on how to setup a Db2 client to authenticate using either API key or access token. Basically, it is to catalog the server:
db2 catalog tcpip node Db2oCfra remote db2host-fra02-xxx.services.eu-de.bluemix.net
server 50001 security ssl
Then catalog the database:
db2 catalog db bludb as fradb at node db2ocfra
Thereafter, connect:
db2 connect to fradb APIKEY myIBMCloudplatformApiKey
There might be additional steps in order to install GSKit and properly configure SSL support.
I am using MongoDB with mongoose in the local system in which the mongodbURL did not have username and password. Therefore the database used to get created at the first time when I ran it using the syntax
mongodb://localhost:27012/database
But now I want to use a username and password for the database, therefore, I used the given syntax
mongodb://username:password#localhost:27012/database
But I now the user does not get created automatically and the script gives me an authentication failure error
How should I create the user the first time?
First, connect to your database using the mongo shell without authentication. Run the following command to create a user.
db.createUser({
user: "username",
pwd: "password",
roles: [
{ role: "readWrite", db: "database_name"}
]
})
You probably also want to create an admin so you can create more users later when authentication is enabled.
db.createUser({
user: "username",
pwd: "password",
roles: [
"dbAdminAnyDatabase"
]
})
These users will be created in a database called "admin".
See all of the MongoDB built-in roles here: https://docs.mongodb.com/v3.2/reference/built-in-roles/
Edit you mongod configuration. If you are using YAML, add the following lines:
security:
authorization: 'enabled'
Here are the mongod config options: https://docs.mongodb.com/v3.2/reference/configuration-options/
If you are using the old format for config set auth to true
auth=true
https://docs.mongodb.com/v2.4/reference/configuration-options/
Restart mongod and load your config
mongod --config ./mongodb.conf
Now you should be able to connect with mongodb://username:password#localhost:27012/database
You have to connect to your database and enable authentication.
To do this, you need to create a user and set some permissions.
You can refer to this documentation:
https://docs.mongodb.com/v3.2/tutorial/enable-authentication/
Hope it helps :)
I am trying the Mongo Atlas Cloud. I create a cluster and i am trying a connection with the mongo shell: (same problem with mongo drivers)
mongo mongodb://***-cluster-shard-00-00-***.mongodb.net:27017,***-cluster-shard-00-01-***.mongodb.net:27017,***-cluster-shard-00-02-***.mongodb.net:27017/any_database?replicaSet=****-Cluster-shard-0 --ssl --username ***** --password *****
this is the connection string in the documentation. And this is the error:
MongoDB shell version: 3.2.7
connecting to: mongodb://***-cluster-shard-00-00-***.mongodb.net:27017,***-cluster-shard-00-01-***.mongodb.net:27017,***-cluster-shard-00-02-***.mongodb.net:27017/any_database?replicaSet=***-Cluster-shard-0
2016-07-07T01:31:17.535-0300 I NETWORK [thread1] Starting new replica set monitor for ***-Cluster-shard-0/***-cluster-shard-00-00-***.mongodb.net:27017,***-cluster-shard-00-01-***.mongodb.net:27017,***-cluster-shard-00-02-***.mongodb.net:27017
2016-07-07T01:31:17.535-0300 I NETWORK [ReplicaSetMonitorWatcher] starting
2016-07-07T01:31:20.084-0300 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1441:20
#(auth):6:1
#(auth):1:2
exception: login failed
I can connect to the database only when i use admin database "/admin?" in the connection string.
THE PROBLEM:
I need to connect to a custom database with the console or mongo drivers.
PD: i protect my data with "***"
You authenticate with the admin database. From there you can switch the database.
When connecting using Mongo drivers, your connection string needs add the auth source:
/any_database?authSource=admin&replicaSet=xyz
Adding to Nath's answer, use "--authenticationDatabase admin" if your connecting via the mongo shell and use "authSource=admin" for drivers.
Tested with [MongoDB shell version: 3.2.8]
"authSource=admin" Is a requirement for All Atlas connections.
I also faced the same issue. "admin" user would be created at the time of db creation. If you forgot the password for the default admin user, then it is difficult to connect with the database and access the collections.
You could create one more database user under "Security->Database Access" section and select "Atlas admin" as a role.
If your password contains any special character, then this would be encrypted internally. Hence, use this link (https://www.urlencoder.org/) to encrypt your password (plain text) and use the encrypted string to establish a connection.
Here is my situation:
I deploy my application on server A;
And I deployed my mongodb on server B;
the mongodb is secured by authentication. I know that I have to connect like:
mongo IP_ADDRESS/testDB -u username -p password --authenticationDatabase admin
So my problem is:
mongoClient = require("mongo").MongoClient;<br>
url = "mongodb://username:password#IP_ADDRESS:27017/testDB"
when I am using to the username has the role of root, and with this URL, I can only access the database of admin, no more others.
anyone help!
Your user exists only in admin db obviously, so you have to provide authsource to mongoClient.connect. this is not connecting database, only for authentication.
Example for your situation is:
mongoClient = require("mongo").MongoClient;
url = "mongodb://username:password#IP_ADDRESS:27017/testDB?authSource=admin
here is the documentation for url parameters. https://docs.mongodb.org/manual/reference/connection-string/#uri.authSource