Security Vulnerabilities and Security challenges of NoSQL Database:
Given the wide variety of NoSQL databases, it is necessary to pay attention to the generic weaknesses of these models and, in each particular case, apply the necessary measures in each particular implementation. Comparing with relational databases we can summarize the following security fields:
The strength of authentication is one of the battlefields where many NoSQL implementations show weakness. It is common to find that NoSQL databases incorporate credentials by default, or even no authentication required or disabled (for example, Redis). In many cases they are based on trusted environments rather than user authentication. Depending on the software it will always be a fundamental point to check.
Following a philosophy where availability and performance prevail, data integrity is penalized. For this reason, it is necessary to frequently use complementary mechanisms outside the database engine to ensure integrity.
Confidentiality and encryption in storage:
In general, the data is stored in plain text and with few exceptions such as Cassandra and its Transparent data encryption technology, there are no built-in encryption mechanisms. In most cases, it is still necessary to delegate encryption to processes at the application layer or the file system itself.
Most NoSQL databases lack their own robust data auditing mechanisms, which are very important when detecting possible attacks by observing events on specific records as is done in relational databases.
The use of encryption and SSL protocol is common in relationship databases, on the other hand, in NoSQL systems it is generally disabled by default, it is optional (for example Cassandra), or a specific configuration is necessary in the installation (MongoDB).
Classic database vulnerabilities: Even more injection:
NoSQL is increasingly present in current database technologies and faces great challenges to deal with security problems that sooner or later must reinforce.
Consider Reading to these articles: