Security level in terms of login authentication

Hello,

I’m almost finishing Chapter 1 of M310 here, and after all those lessons I would like to know what is more secure to use for authentication when it comes to IoT applications with a very small team:

1 - SCRAM-SHA-1
2 - SCRAM-SHA-256
3 - x.509

I read in some article that using a certificate is more secure because it has more options, but it is harder to maintain and make a secure certificate.

If I use SCRAM-SHA-1, what are the best practices to keep a password always secure? For example, changing the password every month.

Hi Jorge_18974,

In the last chapter we discuss best practices for securing MongoDB.

Our general best practice recommendation is to use x.509 client certificates, or to integrate with existing user catalogs in the organization via LDAP or Kerberos authentication. A centralized user administration and life cycle has several security benefits.

We currently don’t support expiry dates on user accounts, but we are considering this as a feature. Account lockouts are a tricky topic for any service-to-service architecture since they allow for trivial DoS attacks.

You may want to watch this issue here:

https://jira.mongodb.org/browse/SERVER-7363

Hope this helps,

David
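As an added example (not from this thread or from MongoDB's documentation), here is a mongod.conf fragment that puts the advice above into practice: authorization on, SCRAM-SHA-1 removed from the accepted mechanisms so that only SCRAM-SHA-256 and x.509 client certificates remain, and TLS required with a CA so certificates can be validated. It assumes MongoDB 4.2 or later (the `net.tls` section; older releases use `net.ssl`), and the file paths are placeholders.

```yaml
# mongod.conf (added example; paths are placeholders)
security:
  authorization: enabled          # every client must authenticate
  clusterAuthMode: x509           # replica set / shard members authenticate with certificates too

net:
  tls:
    mode: requireTLS              # refuse plaintext connections
    certificateKeyFile: /etc/ssl/mongodb.pem   # placeholder: server cert + key
    CAFile: /etc/ssl/ca.pem                    # placeholder: CA that signs client certs

setParameter:
  # The server default also lists SCRAM-SHA-1; restricting the list means a
  # password user can only be created for and authenticate with SCRAM-SHA-256.
  authenticationMechanisms: SCRAM-SHA-256,MONGODB-X509
```

With this in place, x.509 users are created in the `$external` database with the certificate's subject as the user name, and password users are created with `mechanisms: ["SCRAM-SHA-256"]` so no SHA-1 credentials are stored.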


Thank you very much David, it helped me a lot!
