
Data stored in Mongodb database either with or without credentials while authentication is enabled

The Problem is When I connect either with username and pass or without them the connections get established! and data are stored in both cases

I tried the steps below:

  1. Opened Mongodb Compass Shell and CONNECT
  2. Used Mongosh in the dark strip at the bottom of the GUI
  3. Run use admin
  4. Run db.dropAllUsers() - to clean the users data
  5. Run
user: "Admin",
pwd: "myNewPassword",
roles: [ { role: "userAdminAnyDatabase", db: "posts" } ]

-to create a username and password and assign a role (based on Mongodb Docs) 6. Disconnected from the database via GUI Menu bar (Connect Button > Disconnect) 7. Didn't find the /etc/mongod.conf path so I managed to find a so-called file somewhere else(no idea if it is the right one): C:\Program Files\MongoDB\Server\6.0\bin\mongod.cfg 8. I entered

  authorization: "enabled"

Under #security: section

  1. I tried both cases mongoose.connect("mongodb://") and mongoose.connect("mongodb://Admin:myNewPassword@localhost:27017/posts")

Both were connected successfully and in either cases data were stored in Databse!

*to be clearer My expected behavior was that the connection would have been failed in the first case! And data not stored in the database *



  • Found where the problem is! I had not restarted the MongoDB Server to have authorizations take effects! So I restarted MongoDB server in windows Services!