Does MongoDB Compass meet my organizations security requirements?

Benjamin_Slade · October 29, 2021, 1:21pm

I’m trying to get MongoDB Compass installed on my PC at work. The security people are asking if it installs it’s own mini-database server on the PC (a security no no). From what I can tell, it doesn’t look like there’s any historical performance data collection so Compass doesn’t need to store data like this locally.

But looking at FAQ->Why are some features of MongoDB Compass not working?, it does looks like Compass has “features which require incoming connections from external sources”. This doesn’t make sense. How would an outside application even now where and how to initiate a connection to Compass on my PC? Is there any documentation on this so my security admins decide if Compass meets security requirements?

Thanks in advance
Ben

Massimiliano_Marcon · November 1, 2021, 7:32am

Hi @Benjamin_Slade,

thank you for your question. Looks like our documentation is slightly imprecise – I will get it fixed.

What it should say, is that in addition to the connections to MongoDB server/cluster you are using, Compass may also connect to 3rd party services for maps in the schema analyzer and for feedback/analytics and crash reporting. No external services will try to connect to Compass.

system · November 7, 2021, 8:53am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.