MongoByte MongoDB Logo

Welcome to the new MongoDB Feedback Portal!

{Improvement: "Your idea"}
We’ve upgraded our system to better capture and act on your feedback.
Your feedback is meaningful and helps us build better products.

Add new feedback Subscribe
Status Submitted
Categories Atlas
Created by Guest
Created on Nov 11, 2020

RELATED FEEDBACK

domain names in access whitelist

Allow domain names in whitelist for IP address. (And rename whitelist to allowlist). I have a server (app) on heroku. It has a domain name. I don't have a dedicated ip address range. But if I could put my domain name in (myapp.herokupapp.com or myapp.com if I get that name from godaddy), then when my server connects, you could do a DNS lookup of the domain names in the whitelist, and allow connection from those. And then, my app, and many others would be more secure. People could also use dynamic dns to support connections from their home computers, more securely. I've seen some traffic about mongodb databases being hacked, though their security was weak, I think a quick effort on this could add a lot of security for a lot of people. Security matters.
  • Attach files
  • Guest
    Apr 29, 2021
    As we are working from home more and more with Dynamic IP addresses, we need this feature more to enable us access to the database without problem
    Reply
  • Guest
    Nov 14, 2020
    Andrew (Admin, MongoDB) : commented -Unfortunately at the TCP layer we will only see the source IP address of the request and not your domain. I'd love to have a call with your developers and explain how you can use DNS to lookup the IP address of the domain name I put into the white list, at the time that the server tries to open a connection, and then verify that IP address with the IP address in the source IP address in the layer 2 header. And you said: - many customers do open up to 0.0.0.0/0 It can be done, and it would be valuable to a lot of people. I hope you will bring this up with product management.
    Reply
  • Guest
    Nov 14, 2020
    Hi David, Unfortunately at the TCP layer we will only see the source IP address of the request and not your domain. However, please note that MongoDB Atlas requires security in depth including database level authentication on top of the IP Access List (we have already changed the name of this capability in the UI btw). Selective IP Access List management is a best practice but many customers do open up to 0.0.0.0/0 and take care to ensure their database cluster passwords are securely managed. Another option is to procure a static IP address or leverage VPC peering. -Andrew
    Reply