Security: mongodb

If authentication is not enabled on MongoDB servers that are reachable from your whole network, an attacker could:
— use system commands such as ls(), cat(), removeFile(), fuzzFile();
— use the load() command, which loads a JavaScript script;
— enable auth on your instances, so that you lose control of them;
— detect whether the host is Windows or Linux with _isWindows().
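
A defensive check for the condition described above, added here as an example and not part of the original post: it audits the text of a `mongod.conf` for the combination of disabled authorization and a non-loopback bind address. The function names `parse_conf` and `audit` are hypothetical, the sample configurations are constructed, and an absent key is assumed to mean authorization disabled and a localhost-only bind.

```python
# Added example: audits mongod.conf text for missing auth on a network-reachable server.
# Assumed defaults when a key is absent: authorization disabled, bind to localhost.
LOCAL = {"127.0.0.1", "localhost", "::1"}

def parse_conf(text):
    """Flatten mongod.conf's nested YAML mappings into {'net.bindIp': '...'}.
    Minimal indent-based parser for this example, not a full YAML parser."""
    settings, stack = {}, []            # stack holds (indent, key) of open sections
    for raw in text.splitlines():
        body = raw.split(" #", 1)[0].rstrip()
        if not body.strip() or body.lstrip().startswith("#") or ":" not in body:
            continue
        indent = len(body) - len(body.lstrip())
        key, _, value = body.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        value = value.strip().strip("'\"")
        if value:
            settings[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return settings

def audit(text):
    """Return 'critical', 'warning' or 'ok' for one mongod.conf."""
    s = parse_conf(text)
    # A keyFile implies authorization, so either setting counts as auth enabled.
    auth_on = (s.get("security.authorization", "disabled").lower() == "enabled"
               or "security.keyFile" in s)
    binds = {b.strip() for b in s.get("net.bindIp", "localhost").split(",")}
    # Unix socket paths are local; anything else outside LOCAL is network-facing.
    remote = {b for b in binds if b not in LOCAL and not b.startswith("/")}
    exposed = bool(remote) or s.get("net.bindIpAll", "false").lower() == "true"
    if auth_on:
        return "ok"
    return "critical" if exposed else "warning"

# Constructed sample configurations (addresses are made up).
WEAK = """
net:
  bindIp: 0.0.0.0
"""
HARDENED = """
net:
  bindIp: 127.0.0.1,10.0.0.5   # constructed address
security:
  authorization: enabled
"""
```

`audit(WEAK)` returns `critical` and `audit(HARDENED)` returns `ok`; a config with no auth but a loopback-only bind is reported as `warning`.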