www.mongodb.com
2600:9000:224a:3000:7:7859:3840:93a1
Public Scan
Submitted URL: https://www.mongodb.com/security-best-practices
Effective URL: https://www.mongodb.com/features/security/best-practices
Submission: On October 07 via api from IN — Scanned from DE
Text Content
MONGODB SECURITY CHECKLIST & BEST PRACTICES

Last Updated: June 16, 2020

Data security is a top concern. News stories about new data breaches make the headlines nearly every week, describing compromises that impact thousands of users.

The good news is that MongoDB has everything you need to ensure security best practices, from encryption to authentication, access control, and auditing. In-depth documentation and detailed resources such as white papers are available to delve deeper into all of the best practices outlined here. This page provides a brief overview of best practices for MongoDB security, with links for learning more.

Now, let's review some of the ways to keep your MongoDB database secure.

1. CREATE SEPARATE SECURITY CREDENTIALS

To enable authentication, create login credentials for each user or process that accesses MongoDB.

Suppose several users need administrative access to the database. Instead of sharing credentials, which increases the likelihood that the account will be compromised, issue each person their own credential and assign them privileges according to their roles, described next.

2. USE ROLE-BASED ACCESS CONTROL

Instead of giving authorizations to individual users, associate authorizations with roles such as application server, database administrator, developer, BI tool, and more. Predefined roles are available out of the box such as dbAdmin, dbOwner, clusterAdmin, and more. Those roles can be further customized to meet the needs of particular teams and functional areas while ensuring consistent policies across the organization.

3. LIMIT CONNECTIONS TO THE DATABASE

One way that data leaks occur is that an intruder gains remote access to the database. By limiting remote connections to the database, you reduce this risk. The best practice is to allow connections only from specified IP addresses, a practice known as whitelisting.

With MongoDB Atlas, the fully managed service for MongoDB, each Atlas project gets its own VPC. For additional security, customers can enable VPC peering to the private networks housing their applications to prevent access over the public internet.

4. ENCRYPT YOUR DATA

In most data leaks, the data is readable by unauthorized users. Encrypting data makes it unreadable by those who do not have the keys to decrypt it. Encryption can be applied in a number of ways:

* Encrypting data at rest. Encrypt the data where it is stored. At rest encryption is not available for MongoDB Community Edition; it requires MongoDB Enterprise or MongoDB Atlas.
* Encrypting data in transit. By default, with MongoDB, all data is encrypted in transit using TLS.

5. ADD EXTRA ENCRYPTION FOR SENSITIVE DATA

A key feature of the MongoDB 4.2 release is client-side field-level encryption. Most encryption is applied at the server. This means that if someone has access to the server, they may be able to read that data.

Client-side field-level encryption ensures that only relevant parties can read their own data on the client-side using their unique decryption key. This means, in effect, that only the user can read the encrypted data.

Suppose that Ralph’s retirement account includes his social security number. The data is stored in encrypted form, so only Ralph can view it. Not the database administrator, not the developer, not the analyst—only Ralph.

Enabling FLE does not require updating application code; only updating the database driver.

Here’s an animation that illustrates how this important feature works:

The Client Side Field Level Encryption FAQ offers additional details about FLE, drawn from a full-length webinar available on demand.

6. AUDITING AND LOGS

Audit trails should track who made changes to the configuration of the database, what those changes were and when the changes were made. With its audit framework, MongoDB Enterprise offers a full audit trail of administrative actions.

7. COMMUNITY EDITION OR ENTERPRISE SERVER?

MongoDB Community Edition is the free and open version of MongoDB. MongoDB Enterprise Server offers additional security and performance features for enterprise use cases at scale. A comparison of the two editions is available here, along with instructions for upgrading from Community Edition to Enterprise Server.

But if you are at the point of considering Enterprise Server for features like LDAP integration and encryption at rest, why not evaluate MongoDB Atlas, the fully-managed database as a service that delivers all of the goodness of MongoDB Enterprise Server along with security best practices out of the box? MongoDB Atlas is available and secure by default on all three major public clouds: AWS, Microsoft Azure, and GCP.

THE BOTTOM LINE: SECURE DEPLOYMENT WITH CONFIDENCE

MongoDB is on the front line of security. Security practitioners will appreciate the depth and range of encryption choices offered by MongoDB, as well as the engineering effort invested in features like client-side field-level encryption.

* Consider diving into more detail by downloading a white paper on MongoDB security architecture.
* Learn about MongoDB Atlas and its security configuration on the major public clouds by exploring the Trust Center and downloading a paper on MongoDB Atlas Security Controls.
* Discover how MongoDB enables compliance with regulations such as GDPR and CCPA.
* Watch a webinar on a new approach to data privacy with MongoDB client-side field-level encryption.

© 2022 MongoDB, Inc.