by Kristine1975
3839 days ago
These things happen to the best: In 2001, the World Economic Forum had their MS-SQLServer with personal data of the participants connected to the Internet. With the standard account enabled (user: "sa", password: empty). It then got "hacked" and the data leaked. German article about it: https://www.woz.ch/-41f8
1. There is no password prompt during installation. This was the same problem many relational databases had back in the day with default user credentials. Today, I don't know of a single relational datastore that comes with default credentials during installation (ignoring things that shouldn't go to production, like homebrew). Individually, they all said it was a "security threat" and did something about it.
2. Things like MMS or other offerings from MongoDB itself expect you to expose your nodes externally so they can manage things for you. This can easily be made secure... but it's contradictory in nature. It suggests to somebody who probably doesn't know what they're doing on the IT or DevOps fronts to do something more easily dangerous than not... just so they can sell their vendor services to you. It's a recipe for disaster but it's also easily fixable with a few design changes on their side.