Ecommerce Blog Filters
Picture for blog post Safety in MongoDB and cross-platform e-commerce
21 May

Safety in MongoDB and cross-platform e-commerce

Safety is one of the most crucial topic in online store management. We can divide security into - GrandNode security and MongoDB security. I will describe this two areas independently. The most easiest things which you can do in your store is to secure GrandNode. 

Starting from updating it to the newest version, ending on password management in running store. You should be aware of the consequences of ignoring the following tips. When we talk about GDPR and everyone talks about the protection of personal data, a secure store is the key, because the privacy policy will not help when the store is unsecured.

Prestented examples of actions, are not hard to implement. They can be implemented by beginner users, so let's read and start to secure your e-commerce. 

Localhost as default bind IP Address

In the MongoDB 3.6 to improve the security of database server, developers implemented a new bind IP address. Instead of 0.0.0.0 you will have a localhost/127.0.0.1 IP Address to avoid undesirable connections.

Before, the first step during MongoDB configuration, was to change the Bind IP Address in MongoDB config file. Now, it's used by default. As MongoDB developers say, it was a key feature for them to improve safety of MongoDB database servers. 

IP Whitelisting for Authentication

If you enable whitelisting in MongoDB, it will be a much harder to break all your safety walls. According to MongoDB documentation, if you will enable it and configure authentication requirements for specified user, it will have to meet all of that requirements. Otherwise, the authentication will be rejected immediately. 

Below you can find a simple example provided in MongoDB Docs.

For example here is how a document attached to a database user or role can be set to only allow 192.168.17.6 clients to connect. Beyond that it can be set to only connect to the services listening in 10.10.10.0/24. Using the following syntax an IP must be matched during authentication to login.

authenticationRestrictions: [{
  clientSource: [“192.168.17.6”, “127.0.0.1”]
  serverAddress: [“10.10.10.0/24”, “127.0.0.1”]
}]

Role-Based Access Control

Create a user administrator first. You should start from this point. Then, when you've created a global adminitrator user, you can create additional users to manage each database. The MongoDB documentation recommend to use a unique user for each person or application that accesses the system. So it's important to create a unique user for each GrandNode store.

It's also important, but mostly not used, to create roles and define specified, limited access for each user. More information can be found in official MongoDB documentation here.

Encrypt communication in your store

You should configure your store and MongoDB to use SSL. It's one of the mosts important things now, when Google Chrome started to mark website without SSL as dangerous for our computers. If you don't want to purchase a certificate, you can try to use free Let's Encrypt SSL for your store.

Probably, if Google Chrome started to fight with the sites without SSL certificate, rest of browsers will do the same thing. 

Don't be afraid, MongoDB also supports the SSL connection.

Password lifetime and PCI Compliance 

It's feature available from GrandNode 3.90. To meet the PCI Compliance requirements, we need to implement a few features related with password creation and management. 

All settings related with it, can be found in "Admin panel -> Configuration -> Settings -> Customer settings". 

Password lifetime and password management

It's important for admin users to keep their passwords regularly updated. 

You can set the password minimum length, lifetime, number of unduplicated password numbers, maximum login failures. It's one of the most important parts of the PCI DSS compliance. 

Updated GrandNode

It's always necessary to keep the software updated. Each version contains new features, bug fixes. E-commerce is constantly evolving, its dark side also. Your store can't be still in the same place, you need to move forward as the rest of the industry. As you can see, our e-commerce software is still growing, we are publishing new versions after each few months. 

Leave your comment

back to top
Filters