MongoDB – How to Forbid Non-Authenticated Connections

mongodb

If you run mongo with authorization (i.e. mongod --auth), it still allows connecting with the mongo client and getting to the mongo CLI, where one will be refused execution of any command.

But I wonder if it is possible to close such a connection for the unauthenticated user, so that one does not see the mongo CLI at all?

Best Answer

A new connection to MongoDB has two key aspects:

  1. establishing a connection
  2. authenticating the connection

As at MongoDB 3.4, the source IPs that are able to establish a connection are determined by your firewall settings. There is also a bindIp setting for MongoDB which determines which network interface(s) mongod listens to.

Once a connection is established, access control and authentication is managed by your MongoDB configuration.

In your example, you are able to connect via the mongo shell because the source IP is not blocked by firewall configuration. Assuming access control is enabled and authentication has been properly configured, establishing a connection to MongoDB does not provide any access to data.

For more information on best practices, see the MongoDB Security Checklist.
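The answer names two controls: the firewall / bindIp layer that decides who can establish a connection, and the authorization layer that decides what an established connection may do. The script below is an added example (not part of the original answer and not MongoDB's own tooling) that audits a mongod.conf for those two settings. Both sample configuration files are constructed here; the `conf_value` helper is a minimal awk lookup that assumes the usual `key: value` layout of a mongod.conf, not a general YAML parser, and the `audit_mongod_conf` function name is this example's own.

```shell
#!/bin/sh
# Added example: check a mongod.conf for the two settings discussed above,
# net.bindIp (who can connect at all) and security.authorization (what an
# established connection is allowed to do). Sample configs are constructed.

WEAK_CONF="$(mktemp)"
HARDENED_CONF="$(mktemp)"
trap 'rm -f "$WEAK_CONF" "$HARDENED_CONF"' EXIT

# Constructed sample: listens on every interface, no access control at all.
cat > "$WEAK_CONF" <<'EOF'
net:
  port: 27017
  bindIp: 0.0.0.0
EOF

# Constructed sample: loopback only, access control enabled.
cat > "$HARDENED_CONF" <<'EOF'
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
EOF

# conf_value FILE KEY -> prints the value of the first "KEY: value" line.
# Assumes the flat "key: value" layout of a mongod.conf; not a YAML parser.
conf_value() {
    awk -v key="$2" '
        $1 == (key ":") { sub(/^[ \t]*[^:]+:[ \t]*/, ""); print; exit }
    ' "$1"
}

# audit_mongod_conf FILE -> prints "ok" (exit 0) or a list of findings (exit 1).
audit_mongod_conf() {
    findings=""
    auth="$(conf_value "$1" authorization)"
    bind="$(conf_value "$1" bindIp)"

    # Without authorization, any connection that gets through the firewall
    # has full access to the data.
    [ "$auth" = "enabled" ] || findings="${findings}security.authorization is not enabled;"

    # An unset bindIp is reported too: mongod releases before 3.6 (including
    # the 3.4 discussed in the answer) listened on all interfaces by default.
    case "$bind" in
        ""|*0.0.0.0*|*::*) findings="${findings}net.bindIp exposes mongod on all interfaces;" ;;
    esac

    if [ -z "$findings" ]; then
        echo ok
        return 0
    fi
    echo "$findings"
    return 1
}

# Stand-alone demonstration of both configs.
echo "weak:     $(audit_mongod_conf "$WEAK_CONF" || true)"
echo "hardened: $(audit_mongod_conf "$HARDENED_CONF")"
```

Run it against the real file with `audit_mongod_conf /etc/mongod.conf` to get a quick pass/fail; the firewall rules that sit in front of bindIp are outside what a configuration file can show and still need to be checked separately.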