[SERVER-207] Mongod should only listen for http connections on localhost by default Created: 02/Aug/09  Updated: 12/Jul/16  Resolved: 12/Mar/10

Status: Closed
Project: Core Server
Component/s: Admin
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: sandstrom Assignee: Eliot Horowitz (Inactive)
Resolution: Done Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

Mongod should only listen for http connections on localhost by default, for security purposes.
Since the rest interface is present, and security is off by default, if one simply misses that the http interface is available or if the firewall shuts down for some reason the entire database may be exposed.

http://db.apache.org/derby/docs/dev/adminguide/cadminnetservsecurity.html
http://www.mongodb.org/display/DOCS/Http+Interface



 Comments   
Comment by Eliot Horowitz (Inactive) [ 12/Mar/10 ]

we did something different see: SERVER-697

Comment by sandstrom [ 02/Aug/09 ]

MySQL does this by default.

Generated at Thu Feb 08 02:53:23 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.