
Mongo Express is a lightweight web-based administrative interface for managing MongoDB databases interactively. It is built with Node.js, Express and Bootstrap. This case study highlights the deployment of Mongo Express admin panels on the Internet without authentication and the various measures to prevent the exposure.

Mongo Express comes with a config-default.js file. It primarily supports basic authentication, in which a username:password combination is sent as a base64-encoded payload. This means that, if basic authentication is configured, the HTTP request header Authorization: Basic should be transmitted with every request to access the different Mongo Express web components. Figure 1 shows the variables used to provide the basic authentication credentials.

Figure 1. Mongo Express web management console authentication variables

In addition to the web panel authentication scheme discussed above, the Mongo Express package supports passing database authentication credentials via environment variables. Passing credentials via environment variables can result in leakage of information at multiple places if the host is deployed using virtual machines or containers. Figure 2 shows the types of environment variables used to pass the values.

Figure 2. Environment variables for the Mongo database connection
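One place the environment-variable leakage described above shows up is a Docker host, where `docker inspect` prints every variable passed to a container. The following is an added example, not code from the case study or from the Mongo Express project: it audits that output for credential variables and for a missing basic-auth configuration. The variable names are those documented by Mongo Express; the function names, finding labels and sample data are constructed for illustration.

```javascript
// Added example: audit `docker inspect` output for Mongo Express credential variables.
// Variable names are the ones Mongo Express documents; everything else is illustrative.
const CREDENTIAL_VARS = [
  'ME_CONFIG_BASICAUTH_USERNAME',
  'ME_CONFIG_BASICAUTH_PASSWORD',
  'ME_CONFIG_MONGODB_ADMINUSERNAME',
  'ME_CONFIG_MONGODB_ADMINPASSWORD',
  'ME_CONFIG_MONGODB_URL',
];

// Turn ["KEY=value", ...] into a Map; a value may itself contain "=".
function parseEnv(envList) {
  const env = new Map();
  for (const entry of envList || []) {
    const i = entry.indexOf('=');
    if (i > 0) env.set(entry.slice(0, i), entry.slice(i + 1));
  }
  return env;
}

// Report findings by variable name only, so the audit never repeats a secret.
function auditMongoExpressEnv(inspectJson) {
  const findings = [];
  for (const c of JSON.parse(inspectJson)) {
    const env = parseEnv(c.Config && c.Config.Env);
    // Without both variables the panel uses whatever config.js/config-default.js defines.
    if (!env.get('ME_CONFIG_BASICAUTH_USERNAME') || !env.get('ME_CONFIG_BASICAUTH_PASSWORD')) {
      findings.push({ container: c.Name, issue: 'basic-auth-not-set-in-env' });
    }
    for (const name of CREDENTIAL_VARS) {
      if (env.get(name)) findings.push({ container: c.Name, issue: 'secret-in-env', variable: name });
    }
  }
  return findings;
}

// Constructed sample of `docker inspect` output (not taken from a real host).
const SAMPLE_INSPECT = JSON.stringify([
  { Name: '/me-open', Config: { Env: [
    'ME_CONFIG_MONGODB_SERVER=mongo',
    'ME_CONFIG_MONGODB_ADMINUSERNAME=root',
    'ME_CONFIG_MONGODB_ADMINPASSWORD=example=pw',
  ] } },
  { Name: '/me-auth', Config: { Env: [
    'ME_CONFIG_BASICAUTH_USERNAME=ops',
    'ME_CONFIG_BASICAUTH_PASSWORD=constructed-value',
  ] } },
]);

for (const f of auditMongoExpressEnv(SAMPLE_INSPECT)) console.log(JSON.stringify(f));
```

Anyone who can run `docker inspect` on the host sees the same values this audit flags, which is why a `secret-in-env` finding matters even when basic authentication is configured.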
