Documentation - V-279331

Title

MongoDB must limit the total number of concurrent connections to the database.

Description

<VulnDiscussion>Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurrent connections to the DBMS could allow a successful denial-of-service (DoS) attack by exhausting connection resources; and a system can also fail or be degraded by an overload of legitimate users. Limiting the number of concurrent sessions per user is helpful in reducing these risks. This requirement addresses concurrent session control for the total numb...

Fix Text (Documentation Requirement)

MongoDB can limit the total number of connections served by the mongod process by setting the following in the MongoDB configuration file (default location: /etc/mongod.conf): net: maxIncomingConnections: %int% Refer to the following documentation: https://www.mongodb.com/docs/manual/reference/configuration-options/ Products outside of MongoDB can be used to monitor database sessions and limit the maximum number of connections that can be made. Alternatively, most Unix-like operating systems, including Linux and macOS, provide ways to limit and control the usage of system resources such as threads, files, and network connections on a per-process and per-user basis. These ulimits prevent single users from using too many system resources. The following is the MongoDB docum...