Introduction
Databases are notoriously overlooked when it comes to security. Many a times, engineers assume that, because their application abstracts the underlying database, the actual database systems are untouchable to the outside world. However, if you were to think of the first principles, you have to make sure your database systems are completely locked down, not only to the outside world but also within your infrastructure. Every application, user, or server that needs to communicate with the database system should do so through a well-established access control list (ACL) mechanism. Thankfully, MongoDB provides a great deal of features that can help facilitate robust authentication and authorization models. In this chapter, we will look at how to implement various authentication and authorization rules to ensure that your production systems are secure. We will begin by creating a superuser and enabling authentication in MongoDB. Lastly, we will look at various role-based access models...