Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-207

Mongod should only listen for http connections on localhost by default

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: Admin
    • None

      Mongod should only listen for http connections on localhost by default, for security purposes.
      Since the rest interface is present, and security is off by default, if one simply misses that the http interface is available or if the firewall shuts down for some reason the entire database may be exposed.

      http://db.apache.org/derby/docs/dev/adminguide/cadminnetservsecurity.html
      http://www.mongodb.org/display/DOCS/Http+Interface

            Assignee:
            eliot Eliot Horowitz (Inactive)
            Reporter:
            sandstrom sandstrom
            Votes:
            2 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: