Skip to content

How can we improve the platform?

← Atlas

domain names in access whitelist

Allow domain names in whitelist for IP address. (And rename whitelist to allowlist).

I have a server (app) on heroku. It has a domain name. I don't have a dedicated ip address range. But if I could put my domain name in (myapp.herokupapp.com or myapp.com if I get that name from godaddy), then when my server connects, you could do a DNS lookup of the domain names in the whitelist, and allow connection from those. And then, my app, and many others would be more secure. People could also use dynamic dns to support connections from their home computers, more securely.

I've seen some traffic about mongodb databases being hacked, though their security was weak, I think a quick effort on this could add a lot of security for a lot of people.

Security matters.

6 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

David shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Armin commented  ·   ·  Report

    As we are working from home more and more with Dynamic IP addresses, we need this feature more to enable us access to the database without problem

  • David commented  ·   ·  Report

    Andrew (Admin, MongoDB) : commented
    -Unfortunately at the TCP layer we will only see the source IP address of the request and not your domain.

    I'd love to have a call with your developers and explain how you can use DNS to lookup the IP address of the domain name I put into the white list, at the time that the server tries to open a connection, and then verify that IP address with the IP address in the source IP address in the layer 2 header.

    And you said:
    - many customers do open up to 0.0.0.0/0

    It can be done, and it would be valuable to a lot of people. I hope you will bring this up with product management.

  • AdminAndrew Davidson (VP, Cloud Products, MongoDB) commented  ·   ·  Report

    Hi David,

    Unfortunately at the TCP layer we will only see the source IP address of the request and not your domain.

    However, please note that MongoDB Atlas requires security in depth including database level authentication on top of the IP Access List (we have already changed the name of this capability in the UI btw).

    Selective IP Access List management is a best practice but many customers do open up to 0.0.0.0/0 and take care to ensure their database cluster passwords are securely managed.

    Another option is to procure a static IP address or leverage VPC peering.

    -Andrew

Atlas: Other

Categories

Feedback and Knowledge Base

(thinking…)