By Richard Pajerski | 2/15/23 1:46 AM | Infrastructure - Sametime | Added by Roberto Boccadoro
The focus of this post is securing the server itself, and more specifically the MongoDB portion where chat histories, contact lists and other details are stored. HCL supports MongoDB versions 4.2 and higher on a best-effort basis, and I'm using version 6.0.4 on CentOS 8 for the purposes of this post. Here's what worked for me.
After installing, we configure our Sametime database using the MongoDB Shell; upon first connecting, there's no prompt for a password and we're plainly told:
"Access control is not enabled for the database. Read and write access to data and configuration is unrestricted"
Well, that's not good. It was now possible to connect using mongosh and fully control the server *from anywhere, without a password*... :-(
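As an added example (not code from the original post or from HCL), the following audits a `mongod.conf` for the two conditions behind that warning: access control left off and a listener reachable beyond loopback. It assumes the standard option names `security.authorization`, `net.bindIp` and `net.bindIpAll`; the sample configs and the `192.0.2.10` address are constructed for illustration.

```python
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_conf(text):
    """Flatten the two-level YAML used by mongod.conf into {'section.key': value}."""
    flat, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop trailing comments
        if not line.strip() or ":" not in line:
            continue
        key, _, value = line.strip().partition(":")  # first ':' only, so '::1' survives
        value = value.strip().strip("\"'")
        if not raw[0].isspace():                     # top-level line
            section = None if value else key
            if value:
                flat[key] = value
        elif section:
            flat[f"{section}.{key}"] = value
    return flat

def audit(text):
    """Report whether the config requires authentication and where mongod listens."""
    conf = parse_conf(text)
    auth = conf.get("security.authorization", "disabled").lower() == "enabled"
    # MongoDB binds to localhost when bindIp is not set.
    binds = [b.strip() for b in conf.get("net.bindIp", "localhost").split(",")]
    exposed = (conf.get("net.bindIpAll", "false").lower() == "true"
               or any(b not in LOOPBACK for b in binds))
    return {"auth_enabled": auth,
            "exposed": exposed,
            "unauthenticated_remote_access": exposed and not auth}

# Constructed sample: the state described above (no access control, all interfaces).
WEAK = """
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: access control on, listener limited to named addresses.
HARDENED = """
net:
  port: 27017
  bindIp: 127.0.0.1,192.0.2.10   # constructed address
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf))
```

The check reads only the config file; a `mongod` started with different command-line options can behave differently from what the file says.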