Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-5897

Backup with mongodump protecting the credentials

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Critical - P2
    • Resolution: Incomplete
    • Affects Version/s: 2.1.1
    • Fix Version/s: None
    • Component/s: Security
    • Environment:
      Windows and Linux (64 bits)

      Description

      Security is very important in production deployment, let's see how do we execute a dump in mongoDB

      ./mongodump --host dbh85.test.com --db mydatabase --collection user -u username1 -p ultrasecretpass

      In this case we expose username and password, that's not good.

      we could have 2 problems if some intruder get this credencials:
      *data changes
      *data theft

      Data changes would be cover with read-only users, but I still have the data theft problem.

      mysql has a -defaults-extra-file option which is very useful for theses cases, for instance:

      mysqldump defaults-extra-file=/home/daniel/protectedlogin.cnf -all databases

      where protectedlogin.cnf contains the credentials encrypted.

        Attachments

          Issue Links

          related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. TOOLS-2447 Improve processlist output

          • Major - P3 - Major loss of function.
          • Ready for Work

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              kcotzen Carlos Astudillo B.
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: