Replication over internet / man in the middle

I want to set up realtime backup in another datacenter by adding a member over the internet.
Access is restricted by firewall.
Are the oplogs transferred in the clear, which means that a man in the middle can read them?

Welcome to the MongoDB Community @Paul_Langeard!

If you are planning to connect to your deployment over a public network, best practice would be to enable network encryption (TLS/SSL) and configure role-based access control before binding your deployment to listen to public network interfaces. You can further limit exposure by connecting your remote replica set member via VPN/VPC instead of directly over the internet.

Please review the MongoDB Security Checklist for some recommended security measures.

If you do not configure your deployment for network encryption, data will be transferred in the clear.

Regards,
Stennie

Thanks for your answer. Role-based access is in place; I have already read those documents.
I would like to know how the oplogs are transmitted, and whether they can be intercepted and read?

Hi Paul,

As I commented above, you need to configure your deployment for network encryption (TLS/SSL) to secure communication. Setup of TLS encryption is based on providing certificates that can ideally be validated against an issuing authority. For more information, please see Configure mongod and mongos for TLS/SSL.

If you haven’t configured network encryption, any data sent to/from your deployment (or between members of your deployment) will not be encrypted so eavesdropping of unsecured network traffic is possible.

Oplog data is transmitted using the same MongoDB Wire Protocol and transport mechanisms used by MongoDB drivers.

Regards,
Stennie
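To illustrate the answer above (an added example, not part of the original thread and not MongoDB's own code): without TLS, a wire protocol frame is just a header plus BSON, so anyone on the path can parse it with no key. The sketch assumes an uncompressed single-section OP_MSG frame (wire compression, where negotiated, is an encoding and not encryption); the helper names and the simplified oplog-style entry are constructed for the example.

```python
import struct
OP_MSG = 2013  # opcode of the standard MongoDB wire protocol message

def bson_encode(doc):
    """Minimal BSON encoder: string and nested-document values only."""
    body = b""
    for key, val in doc.items():
        name = key.encode() + b"\x00"
        if isinstance(val, dict):
            body += b"\x03" + name + bson_encode(val)
        else:
            raw = val.encode() + b"\x00"
            body += b"\x02" + name + struct.pack("<i", len(raw)) + raw
    return struct.pack("<i", len(body) + 5) + body + b"\x00"

def bson_decode(buf):
    """Inverse of bson_encode for the document at the start of buf."""
    doc, pos = {}, 4  # skip the int32 document length
    while buf[pos] != 0:
        kind, end = buf[pos], buf.index(b"\x00", pos + 1)
        key, pos = buf[pos + 1:end].decode(), end + 1
        (n,) = struct.unpack_from("<i", buf, pos)
        if kind == 0x02:    # string: length counts the trailing NUL
            doc[key] = buf[pos + 4:pos + 3 + n].decode()
            pos += 4 + n
        elif kind == 0x03:  # embedded document: length counts itself
            doc[key] = bson_decode(buf[pos:pos + n])
            pos += n
        else:
            raise ValueError(f"unsupported BSON type {kind:#x}")
    return doc

def op_msg(doc, request_id=1):
    """Frame a document as OP_MSG: 16-byte header, flagBits, kind-0 section."""
    payload = struct.pack("<I", 0) + b"\x00" + bson_encode(doc)
    return struct.pack("<iiii", 16 + len(payload), request_id, 0, OP_MSG) + payload

def read_frame(frame):
    """What an on-path observer can do with an unencrypted frame: parse it."""
    length, _req, _resp, opcode = struct.unpack_from("<iiii", frame)
    if opcode != OP_MSG or length != len(frame) or frame[20] != 0:
        raise ValueError("not a plain single-section OP_MSG frame")
    return bson_decode(frame[21:])

# Constructed, simplified oplog-style insert entry (not captured traffic).
ENTRY = {"op": "i", "ns": "shop.orders", "o": {"customer": "alice", "note": "gift"}}
FRAME = op_msg(ENTRY)

if __name__ == "__main__":
    print(read_frame(FRAME))
```

With TLS required between members, the same bytes travel inside TLS records, and this parse fails on the ciphertext.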
