Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-16453

MongoDB server should obey /etc/hosts.deny and /etc/hosts.allow on GNU/Linux and UNIX systems

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • 2.6.5
    • Networking, Security
    • Server Security
    • Fully Compatible

    Description

      In order to simply security for MongoDB installations, it should obey the files /etc/hosts.deny and /etc/hosts.allow on GNU/Linux and UNIX systems.

      In order to do that, support for libwrap would have to be implemented.

      Instead of having to fiddle with firewalls (both external and local filter based ones can be quite complex to manage) access restrictions could be implemented using very simple configuration lines in the two mentioned files.

      It is to be mentioned that most modern UNIX/Linux daemons obey /etc/hosts.deny and /etc/hosts.allow and that it was a rather big surprise that MongoDB doesn't. As per principle of least surprise, this should be changed.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            markus.mahlberg@icloud.com Markus Mahlberg
            Votes:
            0 Vote for this issue
            Watchers:
            14 Start watching this issue

            Dates

              Created:
              Updated: