Mongo dba week 7 security backups

Additional Resources (2.5 min)

• Docs - mongodb.org
• Driver docs - 
• Bug database / feature request database [JIRA]
• Support forums (in Google Groups) - mongodb-user
• IRC - channel: freenode.net/#mongodb
• Source code on github
• Blog
• Twitter (@mongodb)
• Mongo Meetup Groups (MMUGs) - look on meetup.com

Hardware Tips (7.5 min)

Additional Features (4.5 min)

Geospatial Indexes (5 min)

location
latitude and longitude things
built on top of b-tree structures
uses variation of geo-hash codes

Data Recovery with MMS (4 min)

Quiz: Data Recovery with MMS Backup

You rack up $3.50 in MMS charges from a small backup restoration. What are your out-of-pocket costs?

-$1.50$0.00$1.50$3.50$5.00

Installing MMS Backup (3.5 min)

Introduction to MMS Backup ( min)

Backup Strategies (3 min)

Quiz: Backup Strategies

Which are true statements?

You can copy Mongo datafiles while a mongod is running.Its always safe to do a true snapshot of the data volume while mongod is running.mongoexport has the ability to directly access MongoDB datafiles in addition to connecting to a MongoDB cluster or server via the network.

Backups (12 min)

Intra-cluster Security (4 min)

Security and Clients (6.5 min)

--auth : runs it in a security mode.
to authenticate:
NOTE: users are added per-database
db.addUser(...) - system.users (which is used to create credentials in mongodb)
db.addUser( { user: "", pwd: "", roles: [] } ) - 2.4+
db.auth(username,password) - to authenticate in the shell
Types of users:
admin users - created in the admin database.  has privileges across all databases
regular users - access a specific database, read/write or read only.

Start by adding an administrative user:

> use admin

switched to db admin

> db.addUser("the_admin", "testpassword" )

{

"user" : "the_admin",

"readOnly" : false,

"pwd" : "8b7c802b3626405fd30fa921fcf41cf9",

"_id" : ObjectId("52851114c2e7840b9b05b49f")

}

> db

admin

> show collections

system.indexes

system.users

> db.system.users.find()

{ "_id" : ObjectId("52851114c2e7840b9b05b49f"), "user" : "the_admin", "readOnly" : false, "pwd" : "8b7c802b3626405fd30fa921fcf41cf9" }

passwords are hashed (not stored in plain text [i.e. a message digest])

Once the admin user has been added to the admin database, the rule that you can connect from the localhost no longer applies.  Meaning that we will have to authenticate or it wont let us in (even if we are on localhost).

> show dbs

Thu Nov 14 11:07:59.449 JavaScript execution failed: listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:L46

> // now we authenticate to do useful things

> db.auth("the_admin", "testpassword" )

1

> show dbs

admin 0.0625GB

local 0.03125GB

test (empty)

Quiz: Security and Clients

Which are true?

You can give a user read-only access to one database and write access to another database.The users password is sent over the network unencrypted.The users password is stored on disk unencrypted.

Security (5 min)

Introduction ( min)

Related Posts by Categories