db.__proto__.dropDatabase = () => console.log('Dropping databases is not authorized')
However, I would recommend against overriding prototype methods as that might cause the shell to behave unexpectedly.
The best and most secure way to prevent someone (or yourself) from dropping a database is to not give them dbAdmin role. Even when overriding the dropDatabase helper, it’s still possible to drop a database with:
Indeed you are right.
About the security issues, the dropDatabase() in this case is to some legacy really old Mongo automation that won’t cause any risk in production.
But as we’re upgrading Mongo, we’ll take into consideration.
Thanks Massimiliano.