-
Notifications
You must be signed in to change notification settings - Fork 707
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MongoDB is not actually being secured #60
Comments
prydonius
pushed a commit
to prydonius/manifest
that referenced
this issue
Nov 29, 2017
prydonius
pushed a commit
to prydonius/manifest
that referenced
this issue
Nov 29, 2017
prydonius
pushed a commit
to prydonius/manifest
that referenced
this issue
Nov 29, 2017
prydonius
added a commit
to vmware-archive/manifest
that referenced
this issue
Nov 29, 2017
prydonius
pushed a commit
to prydonius/kubeapps
that referenced
this issue
Mar 5, 2018
* add deprovision * delete selfLink instead of params * remove delete url * readability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We're setting the root password and user password, but not setting a MONGODB_USER so the authentication configuration is being ignored and MongoDB allows unrestricted access.
One issue is that, according to the docs, if we create a user and database, the user only has access to this one database. In dashboard we intend to use multiple databases, so we will either need to run a job to setup users and databases after starting MongoDB or simply just connect as the root user.
In the meantime, I will change everything to authenticate correctly as the root user (because that's still better than the current unrestricted access), but we should look into configuring the MongoDB image to create users and databases for each service.
The text was updated successfully, but these errors were encountered: