Database Manual

Security

MongoDB provides various features, such as authentication, access control, and encryption, to secure your MongoDB deployments. Some key security features include:

Authentication, Authorization, TLS/SSL, Enterprise Only, Encryption

Authentication on Self-Managed Deployments

Database Users

SCRAM

x.509

Role-Based Access Control in Self-Managed Deployments

Enable Access Control on Self-Managed Deployments

Manage Users and Roles on Self-Managed Deployments

TLS/SSL (Transport Encryption)

Configure mongod and mongos for TLS/SSL on Self-Managed Deployments

TLS/SSL Configuration for Clients

Kerberos Authentication on Self-Managed Deployments

Self-Managed LDAP Proxy Authentication

Authentication and Authorization with OIDC/OAuth 2.0

Auditing

Log Redaction

Queryable Encryption

Client-Side Field Level Encryption

Encryption at Rest

TLS/SSL (Transport Encryption)

Secure Your MongoDB Atlas Deployments

MongoDB Atlas, the fully managed service for MongoDB deployments in the cloud, comes preconfigured with secure default settings. Atlas also provides the following key security features:

Security Feature | Description
Authentication and Authorization | In Atlas, you configure database users to access your deployments. Atlas provides various ways to perform user authentication and authorization, including LDAP, OIDC, and X.509. To learn more, see Configure Authentication and Authorization.
Encryption | By default, Atlas encrypts all data stored in your deployments and uses TLS/SSL to encrypt the connections to your databases. To add another layer of security, you can configure Encryption at Rest using Customer Key Management.
IP Access List | Atlas allows connections only from addresses specified in the IP access list. To learn how to manage client connections in Atlas, see Configure IP Access List Entries.
Cloud Provider Support | Atlas supports network peering connections and private endpoints to secure your deployments hosted on AWS, Azure, and Google Cloud. To learn more, see Set Up a Network Peering Connection and Configure Private Endpoints.

For a full list of security features in Atlas, see Security Features for Clusters.

Report Suspected Security Bugs

If you suspect you have identified a security bug in any MongoDB product, please submit the issue using our Security Bug Submission Form.