Here is my situation:
I deploy my application on server A;
And I deployed my mongodb on server B;
the mongodb is secured by authentication. I know that I have to connect like:
mongo IP_ADDRESS/testDB -u username -p password --authenticationDatabase admin
So my problem is:
mongoClient = require("mongo").MongoClient;<br>
url = "mongodb://username:password#IP_ADDRESS:27017/testDB"
when I am using to the username has the role of root, and with this URL, I can only access the database of admin, no more others.
anyone help!
Your user exists only in admin db obviously, so you have to provide authsource to mongoClient.connect. this is not connecting database, only for authentication.
Example for your situation is:
mongoClient = require("mongo").MongoClient;
url = "mongodb://username:password#IP_ADDRESS:27017/testDB?authSource=admin
here is the documentation for url parameters. https://docs.mongodb.org/manual/reference/connection-string/#uri.authSource
Related
I want to setup basic authentication while connecting to the mongoDB database using my nodejs application.
Looked at the documentation for mongo image by specifying
environment:
- MONGO_INITDB_ROOT_USERNAME=admin
- MONGO_INITDB_ROOT_PASSWORD=pass
But this does not seem to work, when I use the connection string in nodejs (mongoose) as
mongodb://admin:pass#mongo:27017/myDatabase
I would just like to setup basic authentication to prevent any ransomware attacks like this :
Stackoverflow MongoDB Ransomware
MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD are used to setup superuser account to manage overall databases.
You can connect as admin permission using this connection string
mongodb://<MONGO_INITDB_ROOT_USERNAME>:<MONGO_INITDB_ROOT_PASSWORD>#mongo:27017 and create a database myDatabase, after that you also have to create user with
a role to allow query database.
For example
> use myDatabase
> db.createUser({user: "user", pwd: "user", roles:["dbOwner"]})
Then you can connect with this string
mongodb://user:user#mongo:27017/myDatabase
I'm building a Node.js application which is trying to connect to a very specific SQL Server configuration: It's running as an instance, with a custom port and users need to login through Active Directory-- hence the connection should be done using domain
I'm using mssql package using tedious API, and this is my configuration:
connectionOptions = {
server: 'USRCMX01\\INSTANCE1',
port: 1367,
domain: 'stagingsv',
user: 'x.myuser.01',
password: 'myuserpassword',
options: {
instanceName: 'INSTANCE1',
trustServerCertificate: true,
enableArithAbort: true
}
};
However, when using this configuration I get a timeout error from SQL Server. After initiating SQL Server Browser service and opening port 1434 from my SQL Server instance server, I tried again but had the same luck
The connection string I was using before from SQL Server Management studio looks like this:
Driver={SQL Server Native Client 11.0};Server={USRCMX01\\INSTANCE1,1367};Uid={stagingsv\\x.myuser.01};Pwd={myuserpassword};Trusted_Connection={true};
.. And it works flawlessly
Is there any way to connect to a SQL Server instance using instance name, domain, and port at the same time from Node.js?
Windows Authentication for SQL does not use passwords. It uses the credentials of the existing logged-in user.
So your SSMS connection string is actually ignoring the username and password, and you shouldn't pass it. To get the same effect with Tedious, it looks from the docs like you need to set:
authentication.type = 'ntlm'
But if not then try some of the other options from there also.
The way Windows Auth works is that it passes the Kerberos ticket (for AD users) or NTLM hash (for non-AD) that the user already has from when they logged in. There is no password in the connection string
Caveat: if you are using Azure AD, as opposed to on-premise, then that works differently. You can either use a password or the Kerberos ticket.
I'm connecting to an external Oracle Database with the example function that can be found here
const oracledb = require('oracledb');
const connection = await oracledb.getConnection(
{
user : "hr",
password : mypw, // mypw contains the hr schema password
connectString : "mydbmachine.example.com/orclpdb1"
}
);
So, as you can see, my credentials would be 'exposed' to everyone who can access the code (maybe github repository or something).
Is there any way of hiding my username and password or making them confidential, or I just shouldn't worry about it?
Note: I'm using the oracledb node module
You could use .env, and access to it with process.env.
check here: https://nodejs.org/dist/latest-v8.x/docs/api/process.html#process_process_env
Store your database secrets encrypted in Secrets Manager or Parameter Store and have your app read them at runtime. Be sure to update the IAM role that your app uses so that it has IAM permissions to retrieve the credentials.
Note: for certain databases, Secrets Manager supports auto-rotation of credentials.
Choices include:
prompt for the password at runtime
pass the password in an environment variable
use kerberos and then use 'external' authentication in node-oracledb. All this is configured and enabled in code layers below node-oracledb, see the Oracle Database Security Guide.
use an Oracle Wallet and then use 'external' authentication in node-oracledb.
Here is the architecture:
I have a MongoDB running on an EC2. When I ssh to the EC2 and run mongo dbname -u username -p password I am able to perform insert into the collection so that should mean that the user has permission in dbname to perform insert on collection
On the other side I have an AWS lambda, VPC is configured. When using mongodb.MongoClient to connect I am authenticated and client.isConnected() returns true but db.collection().insertOne(...) raises an error saying that I'm not authorized to perform action insert on dbname.
The connection string used to connect contains the same username and password used to connect to mongo shell.
I tried using the same options for connection to mongodb, but used mongoose instead and it didn't raise any errors
what is the connection string used?
can you try to simulate what the lambda is doing locally? can you try connecting with local mongo client to your db using the same connection string that your lambda use?
are you connecting to the right db? is your user setup on your custom db or on the default admin db? are your update rights setup on the right db?
I am trying the Mongo Atlas Cloud. I create a cluster and i am trying a connection with the mongo shell: (same problem with mongo drivers)
mongo mongodb://***-cluster-shard-00-00-***.mongodb.net:27017,***-cluster-shard-00-01-***.mongodb.net:27017,***-cluster-shard-00-02-***.mongodb.net:27017/any_database?replicaSet=****-Cluster-shard-0 --ssl --username ***** --password *****
this is the connection string in the documentation. And this is the error:
MongoDB shell version: 3.2.7
connecting to: mongodb://***-cluster-shard-00-00-***.mongodb.net:27017,***-cluster-shard-00-01-***.mongodb.net:27017,***-cluster-shard-00-02-***.mongodb.net:27017/any_database?replicaSet=***-Cluster-shard-0
2016-07-07T01:31:17.535-0300 I NETWORK [thread1] Starting new replica set monitor for ***-Cluster-shard-0/***-cluster-shard-00-00-***.mongodb.net:27017,***-cluster-shard-00-01-***.mongodb.net:27017,***-cluster-shard-00-02-***.mongodb.net:27017
2016-07-07T01:31:17.535-0300 I NETWORK [ReplicaSetMonitorWatcher] starting
2016-07-07T01:31:20.084-0300 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow#src/mongo/shell/db.js:1441:20
#(auth):6:1
#(auth):1:2
exception: login failed
I can connect to the database only when i use admin database "/admin?" in the connection string.
THE PROBLEM:
I need to connect to a custom database with the console or mongo drivers.
PD: i protect my data with "***"
You authenticate with the admin database. From there you can switch the database.
When connecting using Mongo drivers, your connection string needs add the auth source:
/any_database?authSource=admin&replicaSet=xyz
Adding to Nath's answer, use "--authenticationDatabase admin" if your connecting via the mongo shell and use "authSource=admin" for drivers.
Tested with [MongoDB shell version: 3.2.8]
"authSource=admin" Is a requirement for All Atlas connections.
I also faced the same issue. "admin" user would be created at the time of db creation. If you forgot the password for the default admin user, then it is difficult to connect with the database and access the collections.
You could create one more database user under "Security->Database Access" section and select "Atlas admin" as a role.
If your password contains any special character, then this would be encrypted internally. Hence, use this link (https://www.urlencoder.org/) to encrypt your password (plain text) and use the encrypted string to establish a connection.