I’m very new to Mongo, I’ve developed a project running on a digital ocean instance, I’ve enabled remote connections and bind it to 0.0.0.0, so enabling remote connections from app ip’s, I don’t have SSL/TLS installed, I want to know is it safe to access mongo remotely without TLS, is it safe from Man in middle attacks and sniffing?
I also received the following email from digital ocean:-
"We’ve received a notification from 3rd party security researchers, the Shadowserver Foundation, that your Droplet at <ip_addr> is running a MongoDB instance configured in a way that may be insecure.
This configuration may allow attackers to potentially access your MongoDB instance and remove or modify data hosted within it. This note is not to inform you that there has been a data compromise, but rather that your data might be at risk. "