Securing MongoDB

Good afternoon,

I have an piece of software that is written in nodejs and is bundled with mongodb.

The database is currently wide open for anyone with an account on the server to read any and all data.

My question revolves around the securing of the instance of mongedb in this application.

  • this is a black box - one install with only webserver parameters available for configuration

  • configurations are minimal and documentation is sparse, and does not talk about securing the application

  • I am in the middle of the mongodb university security course, I understand there are many ways to secure mongodb

  • the question is how can I secure the “database instance” in this black box without breaking the application (not a generic mongdb instance)

Thanks for any insights