Hello, I am a long time mongodb user. I recently found out that even I set a password to my mongodb and set security features from my mongod.cfg like
If it is binded to 0.0.0.0, any user can connect to my database from remote.
When they connect to the database without a password, they cant see databases or collections but can run scripts. Even if they cant read or write to database, this is a security risk even if they can run simple scripts they can consum cpu etc…
Am I missing something? I tried a lot of parameters. I want only authenticated people to connect to the database.