[SERVER-792] Bind to localhost by default in RPM and debs only Created: 19/Mar/10  Updated: 26/Oct/15  Resolved: 29/Mar/13

Status: Closed
Project: Core Server
Component/s: Packaging
Affects Version/s: None
Fix Version/s: 2.5.0

Type: Question Priority: Major - P3
Reporter: Masatomo Nakano Assignee: Ernie Hershey
Resolution: Done Votes: 3
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

FreeBSD (but all environments)


Issue Links:
Depends
is depended on by DOCS-1732 Document new default, Bind to localho... Closed
Duplicate
Related
related to SERVER-4216 [SECURITY] mongodb 10gen debian packa... Closed
Backwards Compatibility: Fully Compatible
Participants:

 Description   

mongod binds all network interfaces and accepts all request without any auth on port 27017 and 28017.
It means anyone can access mongod from worldwide. I think it's a little bit danger default setting.

Is it possible to binds only localhost by default?



 Comments   
Comment by Daniel Pasette (Inactive) [ 18/Apr/13 ]

we don't want to change the default behavior for pkgs in a dot release. need to ensure that the docs are updated clearly. need to test this in the upgrade path.

Comment by auto [ 29/Mar/13 ]

Author:

{u'date': u'2013-03-29T18:18:17Z', u'name': u'Ernie Hershey', u'email': u'ernie.hershey@10gen.com'}

Message: SERVER-792 Bind to localhost by default in RPM and debs only

Add bind_ip = 127.0.0.1 to config file installed by rpm and deb
packages.
Branch: master
https://github.com/mongodb/mongo/commit/f8699f77f90ff9b24d23729644ee7cd7ed0e9600

Comment by T. Jameson Little [ 26/Mar/13 ]

bump

There are other defaults I don't like, such as pointing to /data/db by default (/var/lib/mongodb would make more sense according to the FHS, which is what my distro uses).

Comment by Jonas H [ 18/Oct/11 ]

bump

Comment by Eliot Horowitz (Inactive) [ 23/Sep/10 ]

Not sure about this since mongo is really meant for running with at least replication.

Generated at Thu Feb 08 02:55:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.