Making Your MongoDB Community Edition Installation More Secure

June 23, 2017

Speaker: Tom Spitzer, Vice President, Engineering, EC Wise, Inc. 
Level: 200 (Intermediate)
Track: Security

MongoDB Community Server provides a wide range of capabilities for securing your MongoDB installation. In this session, we will focus on access control features, including authentication and authorization mechanisms, that enable you to enforce a least privilege model on user accounts. We will also discuss strategies for enabling and maintaining service and application accounts. Next we will present the encryption capabilities that are available in the community edition and discuss their benefits and possible shortcomings. Finally, we will talk about application level protections your developers can implement to keep risky code from getting to your MongoDB instance.

What You Will Learn:

The workings of the MongoDB User Management Interface, the Authentication Database, basic Authentication mechanisms (SCRAM-SHA-1 and certificates), Roles, and Role Based Access controls – plus best practices for using these features to improve the security of your database.

How to use TLS/SSL for transport encryption, application encryption options, and field level redaction.

How injection attacks work and how to minimize the risk of injection attacks.

Previous Presentation
Deciphering Explain Output
Deciphering Explain Output

Speaker: Charlie Swanson, Software Engineer, MongoDB Level: 200 (Intermediate) Track: How We Build MongoDB...

Next Presentation
Powering Microservices with Docker, Kubernetes, Kafka, and MongoDB
Powering Microservices with Docker, Kubernetes, Kafka, and MongoDB

Speaker: Andrew Morgan, Principal Product Marketing Manager, MongoDB Level: 100 (Beginner) Track: Microser...