1
00:00:02,410 --> 00:00:04,560
That's it for this module.

2
00:00:04,630 --> 00:00:09,610
Now in this module, we talked about security and obviously, security is more than what I talked about

3
00:00:09,610 --> 00:00:14,680
in this module but this course is also for you as a developer and therefore, I want to touch on the things

4
00:00:14,860 --> 00:00:17,920
that are important for you to understand as a developer.

5
00:00:17,920 --> 00:00:24,000
Other things are important for database administrators and these things go beyond the scope of mongodb

6
00:00:24,000 --> 00:00:29,910
even, securing something like the network itself is something where mongodb can really help you.

7
00:00:29,950 --> 00:00:35,740
Now for mongodb developers, it's important to understand that you work with users and roles in mongodb

8
00:00:35,740 --> 00:00:36,320
.

9
00:00:36,430 --> 00:00:42,360
and I can't stress this enough that users here does not mean the users, the customers of your application

10
00:00:42,520 --> 00:00:48,190
but instead it means the application itself or data scientists or the database administrators,

11
00:00:48,280 --> 00:00:54,970
so the different users or parties that do interact directly with your database and there, mongodb

12
00:00:55,000 --> 00:01:01,480
uses as a role based access control approach to control who's able to do what. You create users on

13
00:01:01,480 --> 00:01:07,120
databases and you can then log in with your credentials as a user against those databases and you can

14
00:01:07,120 --> 00:01:13,570
use the admin database for generally global users you could say or you can even say this user should

15
00:01:13,570 --> 00:01:19,270
log in against a shop database to make it really clear that this user is meant to mostly work or

16
00:01:19,270 --> 00:01:26,690
only work with the shop database. And talking about that, users by default have no rights to do anything,

17
00:01:26,760 --> 00:01:32,780
you need to add roles to allow certain operations and the permissions that are granted by those roles,

18
00:01:33,000 --> 00:01:37,780
also called privileges are only granted for the database the user was added to

19
00:01:37,810 --> 00:01:44,860
unless and you saw that in this module too, unless you explicitly grant access to other databases with this more

20
00:01:44,880 --> 00:01:49,380
verbose approach of describing a role where you had the real name and the database to which it

21
00:01:49,380 --> 00:01:56,640
applies, then a user that was added to a database can even work on a different database.

22
00:01:56,680 --> 00:02:01,870
You could also use these any database roles you saw for cross database access which typically do

23
00:02:01,990 --> 00:02:05,260
for your global user manager or anything like that.

24
00:02:06,280 --> 00:02:13,060
Now we also had a brief look at encryption and there, we can encrypt both data during transportation,

25
00:02:13,090 --> 00:02:21,340
so whilst it's on its way over the wire and at rest. During transportation, we use TLS SSL to encrypt

26
00:02:21,380 --> 00:02:25,620
that data with the help of that SSL certificate and for production,

27
00:02:25,660 --> 00:02:29,630
you should not use a self-signed certificate as we did in this module

28
00:02:29,710 --> 00:02:36,880
but you should get one, buy one most likely from a SSL certificate authority and then use that along

29
00:02:36,880 --> 00:02:42,640
with that CA file you get to lock down your server and connect to it safely.

30
00:02:42,640 --> 00:02:49,030
Now for encryption at rest, you can encrypt both the files that hold your data and that is made simple with

31
00:02:49,030 --> 00:02:52,930
mongodb enterprise and the values inside your documents,

32
00:02:52,930 --> 00:02:54,400
this is also possible.

33
00:02:54,490 --> 00:03:01,930
So you can encrypt both the values inside your document is something you have to do on your own as a developer

34
00:03:02,140 --> 00:03:09,250
and we will see that in the from shell to driver module of this course. The other part is something you can easily

35
00:03:09,250 --> 00:03:11,750
add with them mongodb Enterprise Edition

36
00:03:11,800 --> 00:03:16,150
and again as I mentioned, you find a link to that in the last lecture of this module.

37
00:03:16,150 --> 00:03:19,140
So with that, I hope you feel a bit more secure now.