1

so I have a bundled software that a client can download and install (using an msi on win machines).
part of this software is a mongoDB database, that stores client info, configurations, etc..

When the software is first installed, it creates an empty folder for the mongoDB, and whenever the software starts, it starts a mongod process (using C#'s Process.Start()): mongod.exe --dbpath <path> --port <port> --quiet.

My goal is to secure the mongoDB database with a username / password that will be known only to my application.

this will help prevent tampering with my client's data from the outside, as well as make it harder (but not impossible, see below) for the client themselves to tamper with the application's data.
The general idea, I guess, is that on installation (or on startup), to create a user with read / write privileges which my software will use to communicate with the database.

So My questions are:
1. How do I programmatically do this? I guess this is the right direction, but I couldn't find much info on the c# driver docs
2. How do I deal with upgrades? i.e clients who installed a previous version of the software, where the database is not secure at all; i would like to create a user with a password in that case as well. 3. how do I store the application user's credentials in my application? in a config file? but that can be read by the client. any best practices here?

versions info- (unfortunately, because of my company's issues, we're not using the latest product versions); mongoDB 2.6, mongoDB driver for .net 1.5.0.

thanks!

P.S. I have read through the security section on the mongoDB website, but wasn't able to find a simple example for the use case I'm trying to implement.. maybe I'm just missing something simple here..

Community
  • 1
  • 1
J. Ed
  • 6,692
  • 4
  • 39
  • 55

2 Answers2

0

C# driver connectionstring can accept login credentials for the database. mongodb://username:pwd@server:port/dbname

for ex mongodb://myuser:mypassword@mydbserver:30254/mydb

The best way is to store the data in a config file. If you are worried about exposing it, it can be encrypted and stored. Other less likely option is to store in a resource file and reference that as a string.

XtremeBytes
  • 1,469
  • 8
  • 12
  • thanks, but my question wasn't just about how to connect to a secure database; it was about programmatically making it secure, and the best way to do it – J. Ed Apr 01 '15 at 15:07
0

This is kind of an interesting, unusual use case.

First of all, I want to make sure you're aware of the licensing/copyright implications of bundling MongoDB with your software. You should check out the license section of the mongo project GitHub page and read up on the AGPL.

Second, the easiest part of your question:

how do I store the application user's credentials in my application? in a config file? but that can be read by the client. any best practices here?

This goes beyond MongoDB. If a user owns the system that the mongod process is running on, they could just copy the data files and set up a no-auth mongod on top of your application data. You cannot reasonably stop them from doing things like that, so do not count on your application's data to be secure from the client user. Plus, if you install your application code locally, any decently smart and committed person should be able to extract the username and password from the compiled application code. You can make it hard, but not impossible.

Third,

How do I programmatically do this?

Based on what I just said, I'm taking "this" to mean

on installation (or on startup), to create a user with read / write privileges which my software will use to communicate with the database.

not the part about having it be secure from the person who owns the computer it's installed on, because that's not possible. To do this, I'd either package a mini datafile to start the mongod on top of, one that included users set up already, or include a dump that you use something like mongorestore to load into the mongod after you start it up. The first option is way simpler to implement and should not require you to have to take down and respawn the mongod process, so try that - see if you can set up a mongod with auth how you want it and then transplant user info by copying data files. FWIW, I'm pretty sure the passwords are not stored in plain text in the data files (they are salted), so you won't have that directly exposed from the data files.

Finally,

How do I deal with upgrades?

You'll have to take down their mongod, restart it with auth, use the localhost exception to create the users you need, turn off the localhost exception (optional but why not), and then end that connection and start new ones using auth. It's the same process as in the security tutorials, you just have to do it with C# driver commands. Note that moving between MongoDB versions is also tricky as the seurity model has improved over time, so you should consult the upgrade guide for extra things to do to make sure user schema gets upgraded correctly if you are moving a user from a secure 2.6 to a secure 3.0, say.

wdberkeley
  • 11,531
  • 1
  • 28
  • 23
  • thanks, indeed i'm aware that you can't block someone from viewing data that's stored locally on their computer, but i do want to make it a little hard for them. about creating a user- using a preconfigured datafile to start with sounds very good, but it'll only work for new installations; upgrades will have to be done in the way you described later. since i'll have to do the process of creating a user for an existing database anyway, I think I might as well not bother with a datafile, but rather write a little piece of code that runs after installation and creates users if not found – J. Ed Apr 02 '15 at 07:59