MongoDB Security - Are User Roles Required?
I have a droplet with my MongoDB.
On reading some security tutorials I see mention of enabling auth
auth = true however I’m unsure whether I need this?
I SSH into my droplet with a sudo account. The operations I need to perform on the DB can be either read or update/insert. So is there any need to use a create another user with high enough credentials to do this? Just feels like I’m duplicating another user.
Also to add my MongoDB droplet only talks to my node droplet which in turn is open to the world (web app).
Any advice appreciated.