
Yes, it could be that there was somebody before me who already noticed this issue and decided to exploit it :-/ I saw on Twitter that there actually was a talk in 2013 at DEFCON about these sorts of problems in NoSQL, so in certain circles it's been known for a while, just not acted upon.


It's still surprising... I've used MongoDB a few times, but I was always well aware to put it behind a firewall and set up basic auth.

I'm not really one for super fine-grained security at the database level, but you should at least have some level of connection controls in place.

iptables isn't that hard.



