If it is bound to 0.0.0.0, any user can connect to my database remotely.
When they connect to the database without a password, they can't see databases or collections but can run scripts. Even if they can't read or write to the database, this is a security risk: even if they can only run simple scripts, they can consume CPU, etc.
Am I missing something? I tried a lot of parameters. I want only authenticated people to connect to the database.
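The two settings at issue in the question are the listener address (`net.bindIp`) and whether commands require a logged-in user (`security.authorization`). The following is an added example, not code from the original thread or from MongoDB: it audits a mongod.conf for the combination the question describes. The three configurations are constructed samples, the application-host address 10.0.0.5 is an assumption, and the parser only handles the two-level `section: / key: value` subset of YAML that these files use.

```python
"""Audit a mongod.conf for an exposed listener and disabled authorization.

Added example; the configurations below are constructed samples, not a
real deployment's files.
"""
from __future__ import annotations

# Constructed sample 1: listens on every interface, no security section.
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
storage:
  dbPath: /var/lib/mongodb
"""

# Constructed sample 2: the situation in the question. Authorization is on,
# so unauthenticated clients get no data, but the port is still reachable
# from anywhere and every connection costs the server work.
AUTH_BUT_EXPOSED_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: enabled
"""

# Constructed sample 3: hardened counterpart. Authorization is enabled and the
# listener is limited to loopback plus the (assumed) address of the one
# application host allowed to talk to the database.
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
storage:
  dbPath: /var/lib/mongodb
"""


def parse_conf(text: str) -> dict[str, dict[str, str]]:
    """Parse the 'section:\\n  key: value' subset of YAML used by mongod.conf.

    Comments are stripped; values are kept as raw strings. This is enough for
    the audit below and is not a general YAML parser (IPv6 literals containing
    ':' in values would need a real one).
    """
    conf: dict[str, dict[str, str]] = {}
    section: str | None = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line.startswith(" "):
            section = line.rstrip(":").strip()
            conf[section] = {}
        elif section is not None:
            key, _, value = line.strip().partition(":")
            conf[section][key.strip()] = value.strip()
    return conf


def audit(text: str) -> list[str]:
    """Return findings for the two controls, empty when both are in place."""
    conf = parse_conf(text)
    net = conf.get("net", {})
    # mongod binds to localhost only when bindIp is absent; an explicit
    # bindIp or bindIpAll widens that.
    bind_ips = [ip.strip() for ip in net.get("bindIp", "127.0.0.1").split(",")]
    exposed = net.get("bindIpAll", "false").lower() == "true" or any(
        ip in ("0.0.0.0", "::") for ip in bind_ips
    )
    auth_on = conf.get("security", {}).get("authorization", "") == "enabled"

    findings: list[str] = []
    if exposed:
        findings.append(
            "EXPOSED_LISTENER: mongod accepts connections on every interface; "
            "restrict net.bindIp to loopback and the application host, or "
            "firewall the port so only that host can reach it"
        )
    if not auth_on:
        findings.append(
            "AUTH_DISABLED: security.authorization is not 'enabled'; any client "
            "that can reach the port has full access to every database"
        )
    if exposed and not auth_on:
        findings.append(
            "CRITICAL: both conditions hold; the database is open to anyone "
            "who can reach the port"
        )
    return findings


if __name__ == "__main__":
    for name, conf in [("weak", WEAK_CONF),
                       ("auth-but-exposed", AUTH_BUT_EXPOSED_CONF),
                       ("hardened", HARDENED_CONF)]:
        print(f"{name}:")
        for finding in audit(conf) or ["no findings"]:
            print("  " + finding)
```

Run against the second sample, the audit reports only the exposed listener: enabling authorization fixes the data-access problem but not the reachability one, which is why the bindIp restriction (or a firewall in front of the port) is the second half of the answer.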
I’d like to turn that question around. What if you deliberately restrict everyone from connecting to the database?
Of course this depends on your use case. However, if the goal is to provide data access to many people in a limited context (e.g. they're not DBAs), then how about creating, e.g., a REST API interface in front of the database? This way, you can put the database behind a very secure firewall and only allow connections from the REST API app. As a bonus, it can act as a shield, since it's not possible for people to accidentally call db.collection.drop() unless your API allows it.