security: All content tagged as security in NoSQL databases and polyglot persistence
Speaking about the buzz around Dataguise’s field-level encryption for Apache Hadoop and their 10 best practices for securing sensitive data in Hadoop, after the break, you can find the “Hadoop Security Design” paper written by a team at Yahoo.
If you take a look at the topic of security in the NoSQL context, you’ll notice that things are far from being perfect. So, any contributions in this area are welcome. Patrik Karlsson added a couple of network exploration Nmap scripts for Riak, Redis, and Memcached. And while these will not help much with security, they might prove useful for managing your NoSQL deployments:
- Added the script riak-http-info that lists version and statistics information from the Basho Riak distributed database.
- Added the script memcached-info that lists version and statistics information from the distributed memory object caching service memcached.
- Added the script redis-info that lists version and statistic information gathered from the Redis network key-value store.
- Added the redis library and the script redis-brute that performs brute force password guessing against the Redis network key-value store.
Original title and link: Nmap Scripts for Riak, Redis, Memcached (©myNoSQL)
Jeff Darcy wrote a while back about the (lack of) security in NoSQL databases. Unfortunately, things haven’t changed much, and if you check the NoSQL + Node.js applications I’ve posted lately, you’ll notice that some of them are completely ignoring security.
And there are some people realizing the risks and starting to express their concerns:
Playing with MongoDB lately, I’m getting scared. Because I’m seeing some really bad practices out there. Seeing it in live code. In tutorials.
Because of this, defenses against SSJS injection are also similar to SQL injection defenses:
- Validate user input used in SSJS commands with regular expressions.
Remember there’s no such thing as security through obscurity.
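The input-validation defense listed above, as an added example (not code from the quoted article or from myNoSQL): an anchored allow-list regex plus a type check, applied before a value reaches a MongoDB `$where` expression. The `year` field and the function names are hypothetical, and the sample inputs are constructed.

```javascript
// Added example: allow-list validation for a value destined for a
// server-side JavaScript (SSJS) expression such as MongoDB's $where.
// The "year" field and all function names here are hypothetical.

// Anchored with ^ and $, no "m" flag, so the whole value must match.
const YEAR_RE = /^(19|20)\d{2}$/;

function validateYear(input) {
  // Request parsers may turn ?year[$ne]=1 into an object and
  // ?year=a&year=b into an array, so check the type before the regex.
  if (typeof input !== 'string') {
    throw new TypeError('year must be a string');
  }
  if (!YEAR_RE.test(input)) {
    throw new RangeError('year must be four digits (1900-2099)');
  }
  return Number(input);
}

// Weak: the raw value is pasted into code the database will evaluate.
function buildYearFilterUnsafe(input) {
  return { $where: "this.year == '" + input + "'" };
}

// Hardened: only a validated number reaches the expression.
function buildYearFilter(input) {
  const year = validateYear(input);
  return { $where: 'this.year == ' + year };
}

// Returns the filter, or the reason the input was refused.
function classify(input) {
  try {
    return { ok: true, filter: buildYearFilter(input) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs, as a request parser might deliver them.
const samples = ['2011', '2011\n', "2011' || '1'=='1", { $ne: null }, ['2011', '2012']];

for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(classify(s)));
}
```

Where the query can be written without `$where` at all, a plain field match on the validated value removes the evaluated string entirely.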