So currently I have a server running. It uses MongoDB as its database, and also stores files inside of it (using GridFS). All files are first encrypted by a global server password (it acquires this key as the server first starts up). I chose not to use each user's password to encrypt the data because I was worried someone could just look at the MongoDB database (if they had physical access) and just take the passwords from there; I did not want to store the encryption password anywhere on the server. Also, I would run into complications when a user wanted to change their password (would I re-encrypt every single chunk of that user? Or perhaps still store the old password?).

But what would stop someone from just using the MongoDB CLI tool (again assuming they have physical access) and just changing a user's password while it's still running (so they do not lose that encryption key on startup), logging into their account, and finally downloading their data?

I looked into adding authorization to MongoDB, but it seems like there is still always an admin account active, no matter what, if I'm not mistaken. Is there any way to make it so only node can access MongoDB after some type of authorization? Or perhaps lock the Ubuntu system so if someone did have physical access they couldn't just run commands and snoop around the database?

Sorry, this might not be the best sub to post this; please let me know if there is a better one.
Submitted February 27, 2020 at 09:05PM by subnub99