MongoDB Security

By default, security and authentication is disabled. Create the administrator account before switching on authentication. Enter the console of the admin DB:

mongo admin

Add the administrator user:

db.createUser({user: "adminUserName",pwd:"adminUserPassword",    roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWriteAnyDatabase", db: "admin" }, { role: "dbAdminAnyDatabase", db: "admin" }, ] })

Enable authentication by editing the "/etc/mongod.conf" file
Uncomment this line:

auth=true

Restart MongoDB. Enter the console of the admin DB and you'll find that you'll need to authenticate before performing any operations:

db.auth({user: "adminUserName",pwd:"adminUserPassword"})

Now you should be able to add a user for the app database containing your data, and make this user the owner of the app database:

db.createUser({user: "dbUserName",pwd:"dbUserPassword",    roles: [ { role: "dbOwner", db: "dbName" }] })

Note: this needs to be done inside the app database

To enable remote login, comment out the "bind_ip" in "/etc/mongod.conf".

Note: Steps tested on MongoDB 2.6.x