I've been following a tutorial with express, node and mongo.
I have in a config file on the server side:
    production: {
        db: 'mongodb://MYUSERNAME:MYPASSWORD@ds033307.mongolab.com:33307/dbname',
        rootPath: rootPath,
        port: process.env.PORT || 80
    }
So, I have my username and password in clear text in a server-side JavaScript file. Should I be worried about this? If yes, where else can I put it?
Thanks.
Edit: I went back and had a look at the MongoLab and Heroku (where my site is hosted) docs, where I found: "The MongoLab add-on contributes one config variable to your Heroku environment: MONGOLAB_URI". So I was able to put the MONGOLAB_URI env var into my config and move the password out of the source code.
With regard to the same datacenter, am I right to assume Heroku would not be hosting my MongoLab database in their datacenter, but would instead be calling out to a cloud service Mongo database? Not much I can do then, is there, if I want to stick with MongoLab and Heroku?
I know this question is old but according to Heroku's docs they currently use 2 datacenters (https://devcenter.heroku.com/articles/regions#data-center-locations).
Their US server is 'amazon-web-services::us-east-1' and their EU alternative is 'amazon-web-services::eu-west-1'.
Both of these datacenters are available when launching Mongo instances on MongoLab, so you can choose for both your app and your db to be in the same datacenter, giving much improved security.
I think you should always be concerned about storing passwords in source code files. Generally you would be much better off keeping it in a configuration file that is managed separately. This gives you the flexibility to use the same code with a different configuration file to point to development or qa databases.
Of bigger concern perhaps - are you hosting your application in the same datacenter that MongoLab is hosting your database? If not, that user name and password, along with your data, will traverse the internet in the clear.
MongoLab does not currently support SSL (other than for their REST API), so even they recommend being in the same datacenter:
Do you support SSL?
Not yet but it is on our roadmap to be available in Summer 2014. In the meantime, we highly recommend that you run your application and database in the same datacenter. If you have a Dedicated plan, we also highly recommend that you configure custom firewall rules for your database(s).
Rest API:
Each MongoLab account comes with a REST API that can be used to access the databases, collections and documents belonging to that account. The API exposes most the operations you would find in the MongoDB driver, but offers them as a RESTful interface over HTTPS.
I would definitely read MongoLab's security page fairly closely:
https://docs.mongodb.com/manual/security/
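The move described in the question's edit and recommended in the answer above, sketched as an added example (not code from the original posts): the connection string comes from the MONGOLAB_URI environment variable, startup fails if it is missing, and only a redacted form is ever logged. The function names and the sample credentials are assumptions made for illustration.

```javascript
'use strict';

// Hide the password part of a MongoDB URI so it can be logged safely.
function redactMongoUri(uri) {
  return uri.replace(/^(mongodb(?:\+srv)?:\/\/[^:@\/]+):[^@]*@/, '$1:***@');
}

// True when the URI asks the driver for an encrypted connection.
function requestsTls(uri) {
  const q = uri.indexOf('?');
  const params = new URLSearchParams(q === -1 ? '' : uri.slice(q + 1));
  const opt = params.get('tls') ?? params.get('ssl');
  if (opt !== null) return opt === 'true';
  return uri.startsWith('mongodb+srv://'); // SRV URIs default to TLS
}

// Build the config object from the environment instead of from literals.
// `env` defaults to process.env; callers may pass a constructed object.
function loadConfig(env = process.env) {
  const uri = env.MONGOLAB_URI;
  if (!uri) {
    // Fail closed: never fall back to a credential baked into the source.
    throw new Error('MONGOLAB_URI is not set');
  }
  if (!/^mongodb(\+srv)?:\/\//.test(uri)) {
    throw new Error('MONGOLAB_URI is not a MongoDB connection string');
  }
  return {
    db: uri,                        // hand to the driver, never log it
    dbForLogs: redactMongoUri(uri), // safe to print
    encrypted: requestsTls(uri),    // false means cleartext on the wire
    port: Number(env.PORT) || 80,
  };
}

// Constructed sample environment (placeholder credentials, host from the post).
const sampleEnv = {
  MONGOLAB_URI: 'mongodb://appuser:s3cr3t@ds033307.mongolab.com:33307/dbname',
  PORT: '5000',
};
const cfg = loadConfig(sampleEnv);
console.log('connecting to', cfg.dbForLogs, 'encrypted:', cfg.encrypted);
```

The `encrypted` flag only reflects what the URI requests; with a provider that offers no SSL, as described above, it stays false and network placement is the remaining control.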
Related
We are using the 2018.3 version of Tableau Server. The server stats, like user logins and other stats, are logged into the PostgreSQL DB, and they are cleared regularly after 1 week.
Is there any API available in Tableau to connect to the DB and take a backup of the data somewhere like HDFS or any place on a Linux server?
Kindly let me know if there is any other way besides an API as well.
Thanks.
You can enable access to the underlying PostgreSQL repository database with the tsm command. Here is a link to the documentation for your (older) version of Tableau:
https://help.tableau.com/v2018.3/server/en-us/cli_data-access.htm#repository-access-enable
It would be good security practice to limit access to only the machines (whitelisted) that need it, create or use an existing read-only account to access the repository, and ideally to disable access when your admin programs are complete (i.e., enable access, do your query, disable access).
This way you can have any SQL client code you wish query the repository, create a mirror, create reports, run auditing procedures - whatever you like.
Personally, before writing significant custom code, I’d first see if the info you want is already available another way: in one of the built-in admin views, via the REST API, using the public domain LogShark or TabMon systems, with the Server Management Add-on (for more recent versions of Tableau), or possibly the new Data Catalog.
I know at least one server admin who somehow clones the whole Postgres repository database periodically so he can analyze stats offline. Not sure what approach he uses to clone. So you have several options.
Situation:
Have created today a new Compose for MongoDB Service instance in Bluemix
Need:
I have to access this MongoDB DIRECTLY with tools (e.g. Mongo Management Studio Pro, mongo.exe, etc.) for bulkloading, testing, ad-hoc data fixes, etc.
Problem:
I have not found any docs, samples nor a CLEAR statement that
a) gives me some confirmation that THIS is possible
b) gives me COMPLETE information (not just some technical fragments that might have worked years ago) on how to do it.
Maybe I am looking in the wrong places or do not know the right people. However, I am stuck on this, and before quitting Bluemix MongoDB, maybe somebody has a copy/paste solution or a hands-on step-by-step manual.
Any help welcome. Thanks!
Connecting to a MongoDB service in Bluemix from an application is possible. For this answer I have used the application "Robo3T", and here are the steps:
1. Access your MongoDB service in your Bluemix account, usually under "Cloud Foundry Services".
2. Open the "Manage" section and, from "Connection Settings", copy the connection address and port from "HTTPS". In this example, "sl-eu-lon-2-portal.5.dblayer.com" and "20651".
3. In Robo3T, create a new connection with the connection address from the previous step.
4. In the Authentication tab, configure the database name, username and password. The credentials are found as in step 1.
5. From "Connection Settings", copy the SSL certificate into a text file and save it locally.
6. In Robo3T, add the certificate to the connection in the "SSL" tab.
7. Test the connection and save the settings.
Answer
YES, Bluemix-hosted Compose for MongoDB instances can be connected to from the mongo shell and some updated DB management tools.
However, if you are running the newest DB versions, you have to make sure that your tools (shell and DB management GUIs) comply with the newest DB features such as encryption etc.
Origin of the Problem
My problem was due to older and therefore incompatible versions of the mongo shell and DB management tools running against the newest MongoDB versions, with their specialities on encryption and multiple servers to be handled in the URI.
At least two DB management tools are not compatible with the newest DB version and will take their time to get fixed. The problem is that both will not tell you about this. They just do not connect. No logs on either side. Period.
So my advice here: look for tool providers who express dedicated compliance with the specific version of your DB.
Advice to the Bluemix Team
It might not take much time to provide some sample connection strings for the most common tools like the mongo shell, MongoBooster, etc. to take the hassle and guesswork out of interpreting the environment variables and figuring out what is needed for specific connection strings and what is not.
For instance, MongoDB Atlas hosting provides, for every cluster, ready-made connection strings for many tools that you can just copy/paste, and done!
Connecting to Atlas took me 5 minutes. For Bluemix I have lost hours! Not because it is complex, but because the documentation and the generated info is somehow incomplete and messy - at least for the ones who do not write connection strings for a living!
I'm asking this out of concern for my database's security. Meteor encourages developers to remove the insecure package and move all database-altering operations to methods executed safely on the server, which one can happily do.
However, it strikes me after deploying to mywebsite.com with meteor deploy mywebsite.com that the command meteor mongo mywebsite.com seems to be accessible and connective for anyone who cares to run it? How would one mitigate this direct access, or is it not actually as open as I believe?
I was worried for no reason - the credentials that you set up when deploying an application for the first time are required for access to the production database from an unfamiliar machine. You will be interactively prompted when accessing via meteor mongo.
How can I access a MongoDB service running on AppFog from my local machine? I want to use it with a GUI application. Is it possible?
I am assuming that you are using an AppFog MongoDB add-on and that the GUI tool you want to use is running locally on your machine, is that correct?
It's not clear to me what GUI application you're trying to use, but chances are it accepts a MongoDB URI of the form "mongodb://[user]:[pass]@[host]:[port]/[dbname]". You can use this info to connect through the db shell, too. Or if your tool doesn't take a URI, you can cut&paste specific values from the URI according to the format.
If you are using an AppFog MongoDB addon, then you can get the value for your URI from the Env Variables section of your app page at the AppFog portal. You can also get that value in your code, per something like https://docs.appfog.com/add-ons/mongolab.
You should also keep in mind that MongoDB services often have their own management UI that you can use. If you go to the Addons section of your application page on AppFog, scroll to your provider and click "Manage" you can access their tools as well.
Good luck, and let me know if I have misunderstood your question.
Sincerely,
Eric
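Splitting the URI from the environment variable into the separate fields a GUI tool asks for, as an added example (not part of the original answer). The function name and sample values are assumptions; the point it shows is that credentials are percent-encoded inside the URI and must be decoded before being typed into separate username and password fields.

```javascript
'use strict';

// Split a mongodb:// URI into the separate fields a GUI tool asks for.
// IPv6 literal hosts and mongodb+srv:// URIs are not handled here.
function splitMongoUri(uri) {
  const re = /^mongodb:\/\/(?:([^:@\/]*)(?::([^@\/]*))?@)?([^\/?]+)(?:\/([^?]*))?(?:\?(.*))?$/;
  const m = re.exec(uri);
  if (!m) throw new Error('not a mongodb:// URI');
  const [, user, pass, hostList, dbname, query] = m;

  // A replica-set URI lists several host:port pairs separated by commas.
  const hosts = hostList.split(',').map((h) => {
    const [host, port] = h.split(':');
    return { host, port: port ? Number(port) : 27017 }; // 27017 is the default
  });

  return {
    // Inside the URI, reserved characters in credentials are percent-encoded;
    // the GUI fields expect the raw values.
    user: user === undefined ? null : decodeURIComponent(user),
    pass: pass === undefined ? null : decodeURIComponent(pass),
    hosts,
    dbname: dbname ? decodeURIComponent(dbname) : null,
    options: Object.fromEntries(new URLSearchParams(query || '')),
  };
}

// Constructed sample: the password "p@ss/word" as it appears inside a URI.
const parts = splitMongoUri(
  'mongodb://appuser:p%40ss%2Fword@db.example.test:33307/dbname?ssl=true'
);
console.log(parts.hosts[0].host, parts.hosts[0].port, parts.user, parts.dbname);
```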
Am working on a project using python/flask/mongodb, and needed to figure out the hosting/infrastructure.
Prefer to use VPS'es instead of services like Heroku.
Which in your opinion is the better option ?
a) Linode app/web server + mongoHQ
b) Linode app/web server + mongodb & replicas setup on a few Linodes
c) AWS EC2 with MongoHQ (since MongoHQ is hosted on EC2 as well)
d) Any other advisable suggestions?
I am experienced in Linux/DB in general, hence more concerned about the maintenance efforts, distracting me from delivering actual application features.
Thanks.
This is a hard question to answer as there's no correct answer to this.
This all depends on your traffic, application uptime needs and ultimately your manpower and infrastructure.
If you're a one-person startup with limited MongoDB knowledge (i.e. setting up replica sets, sharding etc.) then go with MongoHQ. I have done some test instances with Heroku as the app layer and they work well enough.
As you grow it might be a good idea to hire a dedicated mongo person and/or sign up for paid 10gen support which also gives you access to their monitoring console and other goodies to help management.
My only suggestion would be to watch your queries... When generating search result pages, specify only the fields you want and need from the db... Your throughput and latency are generally a bigger cost for queries from remote systems than execution time for a query.
Also see if MongoLab or MongoHQ have in site or hosting from a priority connection to your vps site of choice.
Having managed db hosting can be a really nice thing.