Review MongoDB vs RDBMS Review and show how to use common MongoDB Security Features *** IN PERSIAN LANGUAGE ***

1. 1
‫بررسی‬‫امنیت‬‫درپایگاه‬‫داده‬MongoDB
‫ارائه‬‫کالسی‬‫درس‬‫امنیت‬‫پایگاه‬‫داده‬‫دانشگاه‬‫تربیت‬‫مدرس‬
‫ارائه‬‫دهندگان‬:
‫علی‬‫افروغه‬-‫هستی‬‫لرنژاد‬
‫استاد‬‫درس‬:
‫دکتر‬‫صادق‬‫دری‬‫نوگورانی‬
‫نیمسال‬‫اول‬1399-1400
1399/10/26

2. What is MongoDB?
• A NoSQL Database
• Document Based Data Model
• Scalable
• Two Versions
• Community
• Enterprise
2

3. Example Document 3
{
"_id" : ObjectId("5ff1e654d2601d6d08066ea9"),
"Name" : "Ali",
"Age" : 25,
"phones" : [
"09125341231",
"09362312356"
],
"interests" : [
{
"name" : "soccer",
"score" : 90
},
{
"name" : "basketball",
"score" : 60
}
]
}

4. MongoDB VS Relational DBMS
RDBMS MongoDB
database database
table collection
row Document (BSON)
column field
Strict schema Schema less
4

5. MongoDB Security Features
• Access Control
• Role Based Authorization
• SSL/TLS Encryption for Data Transfer
• Enterprise Only:
• Encryption of Data Storage
• Auditing
5

6. Access Control
• Disabled by default
• Community Edition supports two Authentication mechanisms:
• SCRAM
• X509 Certificate
6

7. Role Based Authorization
• Users are scoped to a database
• “admin” database is a special database roles scoped to this
database apply to all databases
• Built in Roles:
• read , readWrite , dbAdmin , userAdmin , dbOwner
• readAnyDatabase , readWriteAnyDatabase , dbAdminAnyDatabase , …
7

8. List of practical tasks
• Enable access control
• Create user and grant default roles
• Create collections
• Create roles
• Grant role to user
• Revoke role from user
• Secure connection with SSL
8

9. References
• https://docs.mongodb.com/manual/core/authentication/
• https://docs.mongodb.com/manual/core/security-scram/
• https://docs.mongodb.com/manual/core/authorization/
• https://docs.mongodb.com/manual/tutorial/manage-users-and-
roles/
• https://docs.mongodb.com/manual/core/security-transport-
encryption/
• https://windowsreport.com/create-self-signed-certificate/
9