00:00 So we've encrypted our MongoDB,
00:03 we've got it hidden behind a firewall and
00:05 listening on a non-standard port, let's get into it.
00:08 Here we are connected to our Mongo,
00:10 there is really nothing going on yet, it's just empty,
00:12 we haven't added our data or anything like that, but nonetheless here it is,
00:16 notice there was no username or password required to get in,
00:19 that's what we're going to fix next.
00:21 So the first thing to do is we're going to run this db.createUser command.
00:25 We want to create a user to admin the entire database server,
00:30 like all of MongoDB not just wherever we happen to be,
00:34 which is called test, not an amazing name.
00:38 So we're going to say use admin and now you can see db is admin
00:44 so we can show collections, see what's here
00:46 and it's basically empty, but now we can run these db commands
00:50 focused on creating users against admin which means kind of global.
00:54 So we're going to run this command here, paste it so I don't get it wrong
00:59 because these roles have to be just so, it's very touchy,
01:02 go with this for the db admin, that's probably fine,
01:07 or mongodb admin, you can take your pick
01:10 and the password is probably a little wimpy, let's try to fix that.
01:14
01:18 Let's go over here and run ptpython and import uuid, okay,
01:24 and then let's do something like this, print
01:28
01:37 we'll call uuid.uuid4, call that, there we go,
01:43 what do you think is that a decent password?
01:47 I would say so, that's going to definitely slow down some dictionary attacks.
01:51 Now over here, we've got to delete this,
01:55 sadly you can't paste over a selection in macOS,
01:58 alright, so we're going to run this user, this password
02:01 and now we have to specify the roles
02:04 we could create like multiple users
02:06 that have certain restricted access to different databases
02:10 and that's probably not a bad idea, but for this example
02:12 we're just going to say this thing can admin, read databases,
02:17 admin any databases or clusters;
02:19 by the way, just because you are an admin for a database
02:22 does not mean you can read and write to it,
02:25 you could just create users and things like that, so you need them all.
02:28 Let's try this, boom, successfully created.
02:32 Now, did magic happen when we did this?
02:34 Let me copy this real quick, if I exit and I go over here
02:42 and I try to connect without any authentication,
02:44 no, nothing happened; why? If we come over here and we check out our config,
02:52 down here at the security, this puppy is wide open,
02:57 so we need to go down and say authorization is enabled;
03:05 now, if we do that and we restart MongoDB,
03:07 so service mongod restart, probably a good idea to ask for status,
03:12 also not happy, again, what have we done, let's have a look.
03:18 I think it might help if I spelled this right,
03:20 not very forgiving these computers are they,
03:23 all right, everything is running that's all good,
03:26 and if we try to connect to it again, now it's going to come over here and say
03:31 hello you are connected right, db.version for example, like this,
03:37 right so we're connected to it, we can sort of interact with it
03:42 but watch this, show dbs, failure, you cannot show dbs,
03:47 in fact, you can't do anything other than basically log in.
03:51 So I can come over and say db, I say this, use admin, db.auth,
03:58 and I could set the username and password, so I could say
04:04 user is this, password is whatever we want to put here,
04:10 you have to forgive me if I don't want to type that again, copy and paste that,
04:14 pwd rather not password, so we could log in this way, as you'll see
04:22 now I can say show dbs, use test and so on, show collections,
04:30 so I am basically authenticated at this point, right,
04:34 so I can log in this way and do this, but you probably don't want to do this,
04:38 you probably don't want to do it that way,
04:40 instead you probably want to say user is this,
04:44 it says pwd, I think it might be, is this
04:49
04:52 oh one more thing, I forgot, so we have the username and the password
04:56 but we also have to add the authentication database being admin
04:59 there we go, okay, notice our warning about running without authentication is gone
05:08 and I can now show dbs straight away, I don't have to go do this like
05:12 switch to admin, do the auth and so on.
05:15 So this is really handy for our scripts here that we're going to use later.