Kadlec: The MongoDB hack and the importance of secure defaults

Post Syndicated from corbet original http://lwn.net/Articles/711328/rss

Tim Kadlec looks at the ongoing MongoDB compromises and how they came to be.
Before version 2.6.0, that wasn’t true. By default, MongoDB was left
open to remote connections. Authentication is also not required by default,
which means that out-of-the-box installs of MongoDB before version 2.6.0
happily accept unauthenticated remote connections.
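
A configuration audit for the two defaults described above, as an added example that is not from Kadlec's article or from MongoDB. The setting names (`net.bindIp`, `security.authorization`, and the older flat `bind_ip` and `auth`) are MongoDB configuration options that the article does not spell out, and the sample configs are constructed.

```python
import ipaddress

def parse_mongod_conf(text):
    """Flatten mongod settings to {dotted.key: value}; YAML or 'key = value'."""
    settings, stack = {}, []            # stack: (indent, key) of open YAML sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        head, eq, tail = line.partition("=")
        if eq and ":" not in head:      # legacy line, e.g. "bind_ip = 127.0.0.1"
            settings[head.strip()] = tail.strip()
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                 # leave sections we have dedented out of
        if value.strip():
            path = [k for _, k in stack] + [key.strip()]
            settings[".".join(path)] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return settings

def is_local(addr):
    """True for loopback addresses, 'localhost' and Unix socket paths."""
    if addr == "localhost" or addr.startswith("/"):
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                    # other hostnames: assume reachable

def audit(text):
    """Return findings for the two defaults the article describes."""
    s = parse_mongod_conf(text)
    # Assumption: no bind address configured means all interfaces,
    # the pre-2.6.0 default the article describes.
    bind = s.get("net.bindIp") or s.get("bind_ip") or "0.0.0.0"
    remote = any(not is_local(a.strip()) for a in bind.split(","))
    auth = (s.get("security.authorization", "").lower() == "enabled"
            or s.get("auth", "").lower() == "true")
    return [f for f, hit in (("remote-listen", remote), ("no-auth", not auth)) if hit]

# Constructed sample configs, not taken from the article.
OPEN_LEGACY = "port = 27017\ndbpath = /var/lib/mongodb\n"
HARDENED = "net:\n  port: 27017\n  bindIp: 127.0.0.1\nsecurity:\n  authorization: enabled\n"
```

A config that returns both `remote-listen` and `no-auth` matches the exposed state described above; either setting alone closes it, and the hardened sample sets both.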