Localhost security exception

Hi,

In the video Basic Security Part 2 https://youtu.be/AMceyWao3Ao, the instructor says that after you create your first user, the localhost exception closes. However, in testing, having created a user, if I turn off authorization in the config file and restart the server, then I can get back in on the localhost exception. I ran show dbs to confirm and it came back fine, although I haven’t tried other commands.

Obviously, the video is correct on the assumption that you have authorization enabled in your config file, but it doesn’t seem to be…how can I say it…entirely accurate? Obviously, turning off authorization once your system is in general use and possibly accessible from the outside world is a major no-no and you wouldn’t normally do that.

PS. Great course! I am really enjoying it :slight_smile:

Kind Regards

Bob

Hi Bob_65947,

The motive of the lecture is to show how we can increase the security using users and their roles.
You are right, if you run mongod without authorization, that means you are letting mongo process to not check for authentication/authorization.

In the beginning of the video, I can see the instructor explaining the security -> authozation: enabled code which explains that to achieve secured connection, we need to enable authorization.

Kanika

Hi Kanika,

Thanks for confirming that. The way the video was talking, I was stating to doubt my understanding of how that option worked. Thanks for clearing that up :slight_smile:
Regards

Bob