NoSQL Means No Security?
New systems are always attractive targets because their security models have not had time to mature. NoSQL databases are no exception and have had some bad press about their security, but what does their protection actually look like? We will take a look at three widely used systems and their unique approaches:
- MongoDB: Widely criticized for publicly accessible databases and a frequent victim of ransomware. In reality, it provides an elaborate authentication and authorization system.
- Redis: Security through obscurity, or how you can rename commands. It also features a unique tradeoff for binding to publicly accessible interfaces, plus brand-new security features.
- Elasticsearch: Groovy scripting has been a constant headache, but the new, custom-built scripting language Painless tries to take the pain away literally. Plus, free TLS and role-based authentication to combat ransomware attacks.