How to Enable Authentication on MongoDB

https://medium.com/mongoaudit/how-to-enable-authentication-on-mongodb-b9e8a924efac

1. Start MongoDB without authentication

That’s easy, as this is the default behavior.

2. Connect to the server using the mongo shell

            $ mongo mongodb://<host>:<port>

The port numberwill likely be 27017, but for additional security, you can always change it to a different one.

3. Create the user administrator

Change to the admin database:

    > use admin

You need to create a user with the userAdminAnyDatabase role, which grants the privilege to create other users on any existing database. The following example will create the useradmin user with password “thepianohasbeendrinking”:

> db.createUser(

  {

    user: "useradmin",

    pwd: "thepianohasbeendrinking",

    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]

  }

)

Then disconnect from the mongo shell (Ctrl+D).

4. Enable authentication in mongod configuration file

Open /etc/mongod.conf with your favorite code editor and search for the following lines:

    security:

        authorization: "enabled"

หมายเหตุ : -ใน laragon อยู่ที่  mongodb/

                   -เพื่อความสะดวกในการเขียนโปรแกรมใน Notebook ให้ 

                         security:

                            authorization: "disabled"

                แต่ใน script กำหนด username/passord สำหรับการ connect ได้ เช่น

    $manager=new MongoDB\Driver\Manager("mongodb://root:testtest@localhost:27017");

    

    $db='aaa';

    $collection='a1';

    $query=new MongoDB\Driver\Query([]);

    $rows=$manager->executeQuery($db.'.'.$collection, $query);

    

    foreach($rows as $row) {

echo $row->_id.' ';

echo $row->fname.' ';

echo $row->lname.' ';

echo "<br>";

}