MongoDB Security & Defaults
h.reindl at thelounge.net
Fri Feb 13 16:50:54 UTC 2015
On 13.02.2015 at 17:25, Frank Ch. Eigler wrote:
> "Ryan S. Brown" <ryansb at redhat.com> writes:
>> [...] In January, the Fedora rawhide package for mongo was
>> changed to listen on all interfaces by default [...] To help
>> protect users, I think the default should be changed back to
>> localhost only. [...]
> We have a slew of network servers in the Fedora distribution.
> Apprx. none of them are supposed to be turned on just by virtue of rpm
> installation (so, require an explicit systemctl enable), and apprx.
> none of them get through the system-default firewalld setup. The
> out-of-the-box risk is therefore nil.
That is as wrong as it can be:
* the Workstation product doesn't block incoming high ports,
  and hence I still call these defaults harmful and wrong
* it is not unlikely that a developer installs MongoDB
  on his workstation - since the target audience is
  developers it is even highly likely
* mongodb is listening on a port above 1024
Do I need to explain the result, or is that enough that you as well as
the Workstation guys re-consider their mistakes?