Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-16453

MongoDB server should obey /etc/hosts.deny and /etc/hosts.allow on GNU/Linux and UNIX systems

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: 2.6.5
    • Fix Version/s: Backlog
    • Component/s: Networking, Security
    • Labels:
    • Backwards Compatibility:
      Fully Compatible

      Description

      In order to simply security for MongoDB installations, it should obey the files /etc/hosts.deny and /etc/hosts.allow on GNU/Linux and UNIX systems.

      In order to do that, support for libwrap would have to be implemented.

      Instead of having to fiddle with firewalls (both external and local filter based ones can be quite complex to manage) access restrictions could be implemented using very simple configuration lines in the two mentioned files.

      It is to be mentioned that most modern UNIX/Linux daemons obey /etc/hosts.deny and /etc/hosts.allow and that it was a rather big surprise that MongoDB doesn't. As per principle of least surprise, this should be changed.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Created:
                  Updated: