by deelin 3122 days ago
This little comment about Mongo really bothers me... I disagree that it's a flaw. It's obviously the fault of the tech team for not securing the DB.

"One flaw is that the default settings of a MongoDB database would allow anyone with an internet connection to browse the databases, download them, or even worst case scenario to even delete the data stored on them"

2 comments
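As an added example, not code from the thread or from MongoDB's own tooling: a short Python audit of a mongod.conf for the two settings behind the exposure the quoted article describes, namely listening on every interface and running with no authorization. Both configuration fragments are constructed samples; the parser is a deliberate simplification that handles only the flat section/key layout of a mongod.conf, and an unset bindIp is flagged rather than assumed safe because older releases listened on all interfaces by default before the default was changed to localhost.

```python
# Added example (not from the thread or from MongoDB): audit a mongod.conf
# for the two settings behind the exposure quoted in the post above.

# Constructed sample: an exposed configuration that listens on every
# interface with no access control (the shape older releases produced by default).
EXPOSED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from any network the host sits on
"""

# Constructed sample: the same server with the two fixes applied.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_conf(text):
    """Minimal parser for the 'section:' / '  key: value' layout of mongod.conf.

    Only the two-level flat layout is handled (no nested lists); that is
    enough for the keys audited here. Real tooling would use a YAML parser;
    this avoids the dependency so the example runs stand-alone.
    """
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line.startswith(" "):            # top-level section header
            section = line.rstrip(":").strip()
            conf[section] = {}
        else:                                   # key: value under the current section
            key, _, value = line.strip().partition(":")
            conf[section][key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return (check, message) findings; an empty list means neither weakness is present."""
    findings = []
    net = conf.get("net", {})
    security = conf.get("security", {})

    bind_ip = net.get("bindIp")
    bind_all = net.get("bindIpAll", "false").lower() == "true"
    if bind_ip is None and not bind_all:
        findings.append(("bindIp", "not set explicitly; older releases listened on all "
                                   "interfaces by default, so pin it to the addresses you need"))
    else:
        addrs = [a.strip() for a in (bind_ip or "").split(",")]
        if bind_all or any(a in ("0.0.0.0", "::") for a in addrs):
            findings.append(("bindIp", "listens on every interface; the port is reachable "
                                       "from any network the host is attached to"))

    if security.get("authorization", "disabled").lower() != "enabled":
        findings.append(("authorization", "not enabled; any client that reaches the port "
                                          "can read, dump or drop every database"))
    return findings


def classify(text):
    """Severity for one config file: 'critical' when the server is both reachable and
    unauthenticated (the case the article describes), 'warning' for one of the two,
    'ok' when neither finding is raised."""
    checks = {check for check, _ in audit(parse_conf(text))}
    if {"bindIp", "authorization"} <= checks:
        return "critical"
    return "warning" if checks else "ok"


if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, classify(text))
        for check, msg in audit(parse_conf(text)):
            print("  ", check + ":", msg)
```

Run it as a script to see the exposed sample classified as critical with both findings listed and the hardened sample as ok; the same `classify` call can be pointed at a real mongod.conf read from disk.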

Insecure by default is flawed by default.

Unless a product requires certification to use, it can't rely on expert knowledge to provide safety.

Imagine that you created a tool that had all security features enabled. The usability of it would be incredibly low and the barrier to entry so high that hardly anyone would use your tool. The idea behind allowing "open access" is to allow a new user to learn the most important aspect of your tool by realizing what problems it solves.

Of course, from a security standpoint, people will still make mistakes like this, but the onus is NOT on the tool developers. They make it configurable for a reason.

Sorry, a world where every tool is riddled with security holes by default and every developer needs to learn them inside and out to close them all through configuration is a ridiculous burden.

Is it really that difficult to require someone to set a secure password before a product is usable?

If you don't bother to read the manual for a piece of software upon which your business depends, that's your own fault.

I agree completely. One must know their tools before they can use them safely. Ask anyone who has used a saw.