Details
Description
The default install of mongodb from the repo:
http://downloads-distro.mongodb.org/repo/debian-sysvinit
Does not have a "bind_ip 127.0.0.1" option set in the mongodb.conf. This leaves a users server vulnerable if they are not aware of this setting. The default should be to lockdown as much as possible and only expose if the user requests it.
Attachments
Issue Links
- is related to
-
SERVER-792 Bind to localhost by default in RPM and debs only
-
- Closed
-