Too fast, too insecure: Securing Mongo Express web administrative interfaces

2019-04-26 05:30

Mongo Express is a lightweight web-based administrative interface deployed to manage MongoDB databases interactively. It is authored using Node.js, Express and Bootstrap packages. This case study highlights the deployment of Mongo Express admin panels without authentication on the Internet and the various measures to prevent the exposure. The authentication scheme Mongo Express comes with a config-default.js file. It primarily supports basic authentication, which encompasses the base64 encoded payload of a username:password combination. This means that, … More → The post Too fast, too insecure: Securing Mongo Express web administrative interfaces appeared first on Help Net Security.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/GqUD1rABh4U/

#WEB