MongoDB open access

Back in 2019 there were discussions about MongoDB running without access control. Our security folks have discovered this and have raised it as a critical issue.
Has any progress been made in strengthening the security of the database, or has anyone developed a work-around?

@GeneF This issue is on our radar.

Thanks. Any estimate as to when it will get on the plans? Security wants me to take the service down.

Hi @GeneF,

Thanks for posting.

To clarify, cryoSPARC’s database runs without an additional authentication layer because it is (and has so far always been) designed to be run within a trusted network environment. CryoSPARC will not be secure (regardless of database authentication) if it is exposed to malicious users - this is why cryoSPARC should never be hosted on the public internet without additional authentication layers. Within a network, the database access can be further restricted using standard firewall/iptables rules to ensure that the only nodes that can access the MongoDB port are the master node itself and the worker nodes within the cluster. Only the web application port needs to be accessible to end user machines. For details of port numbers and how they are used, please see: cryoSPARC Installation Prerequisites - CryoSPARC Guide. In particular, the official MongoDB documentation has a page dedicated to configuring Linux iptables to limit access to the database. We recommend enabling this for the cryoSPARC master and worker components to reduce the risk of unintentional access.

We do understand the desire for (at least some basic form of) authentication on the database, as raised in previous posts. The utility of adding this authentication is mainly to prevent non-malicious users from accidentally making changes to the database that they should not make (a problem that is also treated by our recommended practice of maintaining frequent database backups).

We are planning to add database authentication in an upcoming release. Unfortunately due to the size of the change this is not something that can be done quickly or in a patch, and will likely be a non-backwards-compatible upgrade or option to enable. Administrators of cryoSPARC instances should always ensure that the system is not accessible to malicious users, firewall rules are appropriate, and the database backups are ongoing.

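The reply above recommends restricting the MongoDB port with iptables so that only the master (locally) and the worker nodes can reach it. The following is an added example, not code from the cryoSPARC project or from either poster, that generates such a rule set from a port and a list of allowed worker addresses. The port 39001 and the worker addresses are constructed values (cryoSPARC's MongoDB port is assumed to be base port + 1; check your own install), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not cryoSPARC project code): emit iptables rules that
# allow the MongoDB port only from loopback and an explicit worker list,
# and drop everything else for that port. Nothing is applied by default.

# Print one iptables command per line.
# $1 = MongoDB TCP port, $2 = space-separated worker IPs or CIDRs
mongo_acl_rules() {
    port="$1"
    workers="$2"
    # Master-side processes reach the database over loopback.
    echo "iptables -A INPUT -p tcp --dport $port -i lo -j ACCEPT"
    # Keep replies on already-accepted connections flowing.
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT per worker node or worker subnet.
    for w in $workers; do
        echo "iptables -A INPUT -p tcp --dport $port -s $w -j ACCEPT"
    done
    # Default for this port: DROP, so unlisted hosts get no answer at all.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Number of ACCEPT rules the generator produces; handy for sanity checks.
mongo_acl_accept_count() {
    mongo_acl_rules "$1" "$2" | grep -c -- '-j ACCEPT'
}

# Apply the generated rules. Refuses to run unless root, and prints the
# would-be rules on stderr instead so an admin can review them first.
mongo_acl_apply() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "mongo_acl_apply: not root; rules that would be applied:" >&2
        mongo_acl_rules "$1" "$2" >&2
        return 1
    fi
    # Feed the commands to a strict shell: stop at the first failing rule.
    mongo_acl_rules "$1" "$2" | sh -e
}

# Constructed example: assumed MongoDB port 39001 (base port 39000 + 1),
# one worker subnet and one individual worker host.
MONGO_PORT=39001
WORKER_HOSTS="10.0.1.0/24 10.0.2.15"
mongo_acl_rules "$MONGO_PORT" "$WORKER_HOSTS"
```

Rule order matters: these rules are appended to INPUT, so any earlier rule that already accepts the port takes precedence; review `iptables -L INPUT -n --line-numbers` after applying, and persist the rules with your distribution's usual mechanism so they survive a reboot. Only the web application port should remain reachable from end-user machines, as the reply above notes.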