Comments (5)
valya: The MongoDB docs, http://www.mongodb.org/display/DOCS/Security+and+Authentication, recommend to run MongoDB in trusted environment. This is what we have by default in cmsweb cluster. I need to understand if it is acceptable.
from das.
lat: vocms53 is in firewalled territory where accesses are allowed only from front-ends and the host itself. Fortunately this machine isn't one of the reallocated systems with high ports available to half the world.
The access to MongoDB from front-end does concern me, although it's not a direct risk. Is it possible for you to configure MongoDB to listen only on localhost interface, not on 0.0.0.0 = all interfaces? This would be the exact reverse we've done to our own services, as you might recall.
So as long as DAS + MongoDB will run in restricted port range actually verified not to be accessible from other hosts, and MongoDB itself is not listening on outward facing network interfaces, you don't need to add extra layer of security in front.
(Copied from HN, as it was possibly relevant to other people there too.)
from das.
valya: MongoDB provides this flag:
--bind_ip Specifies a single IP that the database server will listen for
which we can use to setup which host it should listen to. In our case it should be localhost, since DAS cache server runs on the same node as MongoDB. And as we agreed (I hope we're) I will run MongoDB on specific allocated port range.
from das.
lat: Yes, that sounds what you want: --bind_ip 127.0.0.1 or localhost, depending on whether it wants address or name is ok.
from das.
valya: MongoDB is installed with --bind_ip 127.0.0.1.
from das.
Related Issues (20)
- pagination links do not remember DBS instance in DAS2GO HOT 3
- Handling of large run range queries HOT 4
- Duplicate entries in JSON output HOT 2
- Perform final migration of DAS python server to DAS go server HOT 3
- Display of Fraction of Datasets with invalid Files HOT 20
- Given a block name and a run number, query for file names HOT 2
- status filter not working HOT 3
- 'plain' option sometimes misbehaves HOT 3
- DAS not found but by "crab status" it exists HOT 2
- Config files not available from the Configs link in web queries HOT 7
- Error="invalid character 'p' after array element" HOT 14
- "DAS query guide" link points to nowhere HOT 1
- finding the file that contains a run,lumi is not working HOT 6
- error=invalid character '<' looking for beginning of value" HOT 2
- for results format = list, total number of entries is not correct HOT 1
- panic: runtime error from dasgoclient HOT 2
- Turn on Rucio requests from DAS by default HOT 1
- Explore data consistency checking between Rucio and PhEDEx HOT 3
- Remove Rucio-Account header from command line version of DAS HOT 2
- Remove PhEDEx from default list of services to query HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from das.