Mongod access control


#1

Mongodb runs with no access control. Our security people won’t allow that. In an attempt to meet security needs, I changed this to bind to localhost rather than listening on the public IP address, but found that breaks access by CryoSparc server. If I ad basic access control to mongod, this will also break access.

Is there a way to get Cryosparc to use credentials to access mongod, and to access via 127.0.0.1? Ideally both of these should be implemented. As of now, I am using iptable filtering to block external access.


#2

Hi @Juno,

Our discussion forum went down for a couple of days and there may have been a post that was lost from this thread.
We currently are not supporting access control in mongo - but in general cryoSPARC should (of course) never be run on machines that are publicly accessible directly. Could you clarify your use case? Our recommendation is to use nginx as a reverse-proxy to allow outside users (if necessary) to access cryoSPARC over the public internet via HTTPS+auth of your choice. Mongodb should only ever be accessible within the local network (which is needed for worker nodes to communicate and write results).