From f521ebca5629df7d5262e20ed9e3a6ae7a7b1290 Mon Sep 17 00:00:00 2001
From: David Dooling <david.dooling@docker.com>
Date: Wed, 20 Dec 2023 11:30:22 -0600
Subject: [PATCH] mongo: add security section

Closes docker-library/mongo#656.
---
 mongo/content.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mongo/content.md b/mongo/content.md
index c586238bd8ee..6e1caa11f2a1 100644
--- a/mongo/content.md
+++ b/mongo/content.md
@@ -8,6 +8,10 @@ First developed by the software company 10gen (now MongoDB Inc.) in October 2007
 
 %%LOGO%%
 
+# Security
+
+By default Mongo's configuration requires no authentication for access, even for the administrative user. See the "`MONGO_INITDB_ROOT_USERNAME`, `MONGO_INITDB_ROOT_PASSWORD`" section below for information on how to begin securing Mongo and the [MongoDB Security documentation](https://www.mongodb.com/docs/manual/security/) for more detail.
+
 # How to use this image
 
 ## Start a `%%REPO%%` server instance
@@ -46,7 +50,7 @@ The MongoDB Server log is available through Docker's container log:
 $ docker logs some-%%REPO%%
 ```
 
-## Configuration
+# Configuration
 
 See the [MongoDB manual](https://docs.mongodb.com/manual/) for information on using and configuring MongoDB for things like replica sets and sharding.