VBI-7045 NoSQL Means No Security? | Devoxx
DEVOX

Home > All Quickie Sessions > Thursday > See all Quickie Sessions for this day

NoSQL Means No Security?

Quickie Sessions

security Security

Room 3

 Thursday from 12:50 PM til 1:05 PM

New systems are always interesting targets since their security model couldn’t mature yet. NoSQL databases are no exception and had some bad press about their security, but how does their protection actually look like? We will take a look at three widely used systems and their unique approaches:

  • MongoDB: Widely criticized for publicly accessible databases and a common victim of ransomware. Actually, it provides an elaborate authentication and authorization system, which we will cover from a historic perspective and put an emphasis on the current state.
  • Redis: Security through obscurity or how you can rename commands. And it features a unique tradeoff for binding to publicly accessible interfaces.
  • Elasticsearch: Groovy scripting has been a constant headache, but the new, custom-built scripting language Painless tries to take the pain away literally.
 NoSQL    security    redis    Elasticsearch  
Philipp Krenn Philipp Krenn

Philipp is part of the infrastructure team and a developer advocate at Elastic. He is frequently talking about full-text search, databases, operations, and security. Additionally, he is organizing multiple meetups in Vienna.