The security model of MongoDB is pretty easy to sort out. http://www.mongodb.org/display/DOCS/Security+and+Authentication
1) By default, there is no security. [like in Memcache]. So anyone can connect to your port, and do whatever they want with any database. You are expected that you only run the daemon in a trusted environment. At least 'apt-get install mongodb' only listens on 127.0.0.1 2) You can teach mongodb to start as 'mongodb --auth'. Which sets up user/password or keyfile authentication. You then get: a) For each named db, a user has either None, readonly, full access b) The 'admin' superuser has full access to everything. There are a lot of details on the above page when you get into sharding, replication and all that. But I think the above is pretty much it. Also, I think to *set up* users, you have to start in no-auth mode, set it up, and then restart with auth mode. John =:-> -- Mailing list: https://launchpad.net/~maas-devel Post to : [email protected] Unsubscribe : https://launchpad.net/~maas-devel More help : https://help.launchpad.net/ListHelp
