Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think by default mongodb has no enabled access control, so there is no default user or password.


Am I misunderstanding or do people launch their Mongo container without even MONGO_INITDB_ROOT_{USERNAME,PASSWORD}? It's clearly mentioned in the image README. Takes 15 seconds to set. I'd be incredibly concerned if anybody with more than a day of infrastructure experience did this, even worse on a production database.


How is this acceptable… requiring a password, even a weak one might have at least bought some time in this situation.


See https://acowebs.com/mongodb-security/




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: