NoSQL Means No Security?

by Philipp Krenn

Published December 15, 2016 in Programming

New systems are always interesting targets, since their security model has not had time to mature. NoSQL databases are no exception and have been the subject of some lurid articles about their security, but what does their protection actually look like? We will take a look at three widely used systems and their unique approaches:
* MongoDB: Widely lampooned for publicly accessible databases, it actually provides an elaborate authentication and authorization system, which we will cover from a historical perspective, with an emphasis on the current state.
* Redis: Security through obscurity or how you can rename commands.
* Elasticsearch: Groovy scripting has been a major headache, but the new, custom-built scripting language Painless tries to take the pain away — literally.

