Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-207

Mongod should only listen for http connections on localhost by default

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Minor - P4
    • Resolution: Fixed
    • None
    • None
    • Admin
    • None

    Description

      Mongod should only listen for http connections on localhost by default, for security purposes.
      Since the rest interface is present, and security is off by default, if one simply misses that the http interface is available or if the firewall shuts down for some reason the entire database may be exposed.

      http://db.apache.org/derby/docs/dev/adminguide/cadminnetservsecurity.html
      http://www.mongodb.org/display/DOCS/Http+Interface

      Attachments

        Activity

          People

            eliot Eliot Horowitz (Inactive)
            sandstrom sandstrom
            Votes:
            2 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: