NoSQL security: All content tagged as NoSQL security in NoSQL databases and polyglot persistence

Secure HBase Access Control: A Step Towards Better Security and NoSQL-as-a-Service

From the Trend Micro guys:

Enter Secure HBase. Secure HBase adds support for table and column family ownership and access control. Secure HBase builds on recent development work in the Hadoop and HBase community, specifically:

  • First, we built on the Kerberos support that’s recently been contributed by Yahoo! to Hadoop
  • Secondly, we implemented a Coprocessor Framework that lets HBase administrators load custom code that runs on HBase regionservers. We’ve submitted our own implementation for community review;
  • Finally, we have contributed our own Coprocessor, named AccessController, which enforces access control. This has also been submitted for community review at: ☞ “Coprocessor based simple access control” (HBASE-3025).

The (long) post provides a lot of details about the implementation and various other aspects of this solution.

Leaving aside for now the hidden gem that is the HBase Coprocessor Framework, this not only acknowledges that NoSQL databases need better security, but could also be an important aspect of NoSQL as a Service.

Original title and link: Secure HBase Access Control: A Step Towards Better Security and NoSQL-as-a-Service (NoSQL databases © myNoSQL)

via: http://hbaseblog.com/2010/10/11/secure-hbase-access-controls/


MongoDB and Security via Diaspora

When asked why MongoDB is using their own query language instead of SQL, the answer was that using JSON for both data and queries made more sense. Plus, it helped avoid injection attacks. As shown by Patrick McKenzie’s post on the recently released Diaspora, it turns out this is not quite true:

Diaspora uses MongoDB, one of the new sexy NoSQL database options. I use a few myself. They have a few decades less experience getting exploited than the old relational databases you know and love, so let’s start: I claim this above code snippet gives me full read access to the database, including to serialized encryption keys.

The conclusion is quite obvious: as long as developers continue to use string concatenation and interpolation, the query language doesn’t really matter. So you might be better off with something that people feel familiar with.
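
The point above as an added example (not code from Diaspora, MongoDB or the quoted post): a MongoDB-style JSON query assembled by string interpolation, next to the same query built as a data structure. The function names, the `active`/`username` fields and the hostile input are constructed for illustration.

```javascript
// Constructed input: closes the string early and supplies its own "username" clause.
const HOSTILE = 'a", "username": {"$ne": null}, "z": "';

// Vulnerable pattern: the query document is assembled as text, so the
// input is parsed as part of the query instead of being treated as data.
function queryInterpolated(username) {
  return JSON.parse('{"active": true, "username": "' + username + '"}');
}

// Hardened pattern: build the query as a data structure and accept only a
// plain string, so the value cannot contribute keys or operators.
function querySafe(username) {
  if (typeof username !== 'string') {
    throw new TypeError('username must be a string');
  }
  return { active: true, username: username };
}

// Defensive check for queries derived from request data: list every
// operator key ($ne, $where, ...) with the path at which it appears.
function operatorKeys(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  const found = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? path + '.' + key : key;
    if (key.startsWith('$')) found.push(here);
    found.push(...operatorKeys(child, here));
  }
  return found;
}

// Same input, two outcomes: an operator appears only in the interpolated query.
console.log(operatorKeys(queryInterpolated(HOSTILE)));
console.log(operatorKeys(querySafe(HOSTILE)));
```

With the structured form the hostile text stays a literal username to match; with interpolation it rewrites the `username` clause of the query itself.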

via: http://www.kalzumeus.com/2010/09/22/security-lessons-learned-from-the-diaspora-launch/


CouchDB: SSH Tunneling into CouchDB's Futon

During the development and administration of your CouchDB server and application you may wish to access the “Futon” interface, or interact with the data store from the local machine. This guide shows you how to connect to your CouchDB instance in a secure manner using an SSH tunnel.

As long as you cannot use https, this might be a good solution.

via: http://library.linode.com/databases/couchdb/ssh-tunnel


CouchDB Security

Recently, Jeff Darcy brought up the topic of NoSQL database security. A recent post on the Couchio blog covers in detail CouchDB security aspects such as authentication and authorization, “admin party”, access control lists and roles, and validation functions:

The CouchDB security model is based around the premise that Rebecca can control who can create documents of what form into which database inside CouchDB. It does not try to make CouchDB and all the data she and others put in is absolutely water-tight and doesn’t leak any information. Although you can lock CouchDB as much down as you need, open and sharable databases are the default and it is a good thing.

via: http://blog.couch.io/post/1027100082/whats-new-in-couchdb-1-0-part-4-securityn-stuff
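
The kind of rule the quoted passage describes (who may create documents of what form), written as a CouchDB validation function. This is an added example, not code from the Couchio post or the CouchDB project; the `post` document shape, the `editor` role and the `outcome` harness are assumptions.

```javascript
// Rules for a constructed "blog" database (the document fields and the
// "editor" role are assumptions for this example).
function validate_doc_update(newDoc, oldDoc, userCtx) {
  var roles = userCtx.roles || [];
  if (roles.indexOf('_admin') !== -1) return;        // server admins may do anything
  if (!userCtx.name) {
    throw { unauthorized: 'Log in before writing to this database.' };
  }
  if (oldDoc && oldDoc.author !== userCtx.name) {
    throw { forbidden: 'Only the author may change or delete a document.' };
  }
  if (newDoc._deleted) return;                       // author deleting own document
  if (roles.indexOf('editor') === -1) {
    throw { forbidden: 'Only editors may write posts.' };
  }
  if (newDoc.type !== 'post') {
    throw { forbidden: 'Only documents of type "post" are accepted.' };
  }
  if (typeof newDoc.title !== 'string' || newDoc.title === '') {
    throw { forbidden: 'A post needs a non-empty title.' };
  }
  if (newDoc.author !== userCtx.name) {
    throw { forbidden: 'The author field must match the logged-in user.' };
  }
}

// Local harness (not part of a design document): run the rules against
// constructed requests and report the outcome as a short string.
function outcome(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx);
    return 'ok';
  } catch (e) {
    if (e && e.unauthorized) return 'unauthorized';
    if (e && e.forbidden) return 'forbidden';
    throw e;
  }
}

// Constructed sample document and request contexts.
var post = { type: 'post', title: 'Hello', author: 'rebecca' };
var rebecca = { name: 'rebecca', roles: ['editor'] };
var anonymous = { name: null, roles: [] };
console.log(outcome(post, null, rebecca));
console.log(outcome(post, null, anonymous));
```

While the server is still in “admin party”, every request carries the `_admin` role, so the first check lets all writes through; the rules only bite once an admin account exists.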


Quick Intro to CouchDB Security

Learn how to protect your CouchDB databases:

Just recently CouchDB has seen a security vulnerability, fixed by the CouchDB 1.0.1 release. While there is no direct connection between this tutorial on CouchDB security and the mentioned security vulnerability, the important thing to remember is: security should always be an educated decision.


NoSQL Databases and Security

Jeff Darcy writes about NoSQL systems’ security (or rather, the lack of it):

Most NoSQL stores have no concept of security. […] Mostly it falls into two categories: encryption and authentication/authorization (collectively “auth”). For encryption, there’s a further distinction to be made between on-the-wire and at-rest encryption.

As far as I know:

  • CouchDB supports authentication/authorization
  • Yahoo! recently contributed to Hadoop an authentication module based on Kerberos and SASL

What about the others?

via: http://pl.atyp.us/wordpress/?p=2988


5 Years Old Hadoop Celebration at Hadoop Summit, Plus New Tools

I didn’t realize Hadoop has been on the market for so long: 5 years. In just a couple of hours, the celebration will start at ☞ Hadoop Summit in Santa Clara.

Yahoo!, the most active contributor to Hadoop, will ☞ open source two new tools today: Hadoop with Security and Oozie, a workflow engine.

Hadoop Security integrates Hadoop with Kerberos, providing secure access and processing of business-sensitive data. This enables organizations to leverage and extract value from their data and hardware investment in Hadoop across the enterprise while maintaining data security, allowing new collaborations and applications with business-critical data.

Oozie is an open-source workflow solution to manage jobs running on Hadoop, including HDFS, Pig, and MapReduce. Oozie — a name for an elephant tamer — was designed for Yahoo!’s rigorous use case of managing complex workflows and data pipelines at global scale. It is integrated with Hadoop Security and is quickly becoming the de-facto standard for ETL (extraction, transformation, loading) processing at Yahoo!.

Update: It looks like the news does not stop here, with Cloudera making ☞ a big announcement accompanying the new release of Cloudera’s Distribution for Hadoop, CDHv3 Beta2:

The additional packages include HBase, the popular distributed columnar storage system with fast read-write access to data managed by HDFS, Hive and Pig for query access to data stored in a Hadoop cluster, Apache Zookeeper for distributed process coordination and Sqoop for moving data between Hadoop and relational database systems. We’ve adopted the outstanding workflow engine out of Yahoo!, Oozie, and have made contributions of our own to adapt it for widespread use by general enterprise customers. We’ve also released – this is a big deal, and I’m really pleased to announce it – our continuous data loading system, Flume, and our Hadoop User Environment software (formerly Cloudera Desktop, and henceforth “Hue”) under the Apache Software License, version 2.

Also worth mentioning: going forward, Cloudera will have a commercial offering, ☞ Cloudera Enterprise:

Cloudera Enterprise combines the open source CDHv3 platform with critical monitoring, management and administrative tools that our enterprise customers have told us they need to put Hadoop into production. We’ve added dashboards for critical IT tasks, including monitoring cluster status and activity, keeping track of data flows into Hadoop in real time based on the services that Flume provides, and controlling access to data and resources by users and groups. We’ve integrated access controls with Active Directory and other LDAP implementations so that IT staff can control rights and identities in the same way as they do for other business platforms they use. Cloudera Enterprise is available by annual subscription and includes maintenance, updates and support.