Last week, I was working on the MongoDB hardening for one of our clients. The client is using a hybrid setup of MongoDB wherein SIT uses a standalone replica set, but both UAT and PROD use a typical replication setup where they have dedicated servers for the primary, secondary and arbiter members.
First, I looked at the official Sitecore documentation for an approach on how to do this, but had no luck. Second, I looked at articles I could find on the internet and thankfully found this article to get me started with the authentication and to validate my approach. The article only describes how to create authentication, so note that this is not the case for the replica setup, which I will describe a little further in this series.
In summary, this series will cover the following topics:
- How to create and configure authentication to a MongoDB standalone replica set
- How to enable internal authentication for your replica set and disable bypass authentication via localhost exception
- Sitecore Configuration Encryption/Hardening (Connectionstring.config)
- Enable Secure Configuration Options “logAppend”