I suspect a lot of people are using MongoDB as the database backend to their web applications or services, so they are probably being indirectly exposed to the Internet. (Just like your Postgres or MySQL database.)
I've never exposed a Postgres or MySQL database directly to the internet, either. They're always listening to localhost connections only, and the only code that gets to make direct calls into them is my code, which means input sanitization prevents attacks like this.
The same goes for my use of MongoDB.
Though I am curious if anything similar exists for CouchDB, as they seem to be encouraging dangerous configurations like that.
The same goes for my use of MongoDB.
Though I am curious if anything similar exists for CouchDB, as they seem to be encouraging dangerous configurations like that.