Sunday, November 29, 2020
dbametrix

    NoSQL Security Vulnerabilities

    This article explains in detail the security challenges of NoSQL databases and how to find their vulnerabilities.

    Security Vulnerabilities and Security challenges of NoSQL Database:

    Given the wide variety of NoSQL databases, it is necessary to pay attention to the generic weaknesses of these models and to apply the necessary measures in each particular implementation. Compared with relational databases, the security picture can be summarized in the following areas:

    Authentication:

    The strength of authentication is one of the battlefields where many NoSQL implementations show weakness. It is common to find NoSQL databases that ship with default credentials, or with authentication not required or disabled (for example, Redis). In many cases they rely on a trusted environment rather than on user authentication. Whatever the software, this is always a fundamental point to check.

    Data integrity:

    Following a philosophy where availability and performance prevail, data integrity is penalized. For this reason, it is necessary to frequently use complementary mechanisms outside the database engine to ensure integrity.

    Confidentiality and encryption in storage:

    In general, the data is stored in plain text and with few exceptions such as Cassandra and its Transparent data encryption technology, there are no built-in encryption mechanisms. In most cases, it is still necessary to delegate encryption to processes at the application layer or the file system itself.

    Data audit:

    Most NoSQL databases lack their own robust data auditing mechanisms, which are very important when detecting possible attacks by observing events on specific records as is done in relational databases.

    Communications security:

    The use of encryption and the SSL protocol is common in relational databases. In NoSQL systems, on the other hand, it is generally disabled by default, optional (for example, Cassandra), or requires specific configuration at installation (MongoDB).

    Classic database vulnerabilities: Even more injection:

    Finally, to emphasize one of the most widely exploited weaknesses, command injection: in NoSQL databases, requests and calls are executed by invoking the corresponding API, formatted according to a common convention, usually JSON or XML. At this point, incorrect checking of input parameters can allow command execution when those parameters are evaluated and handled in the corresponding API call. The injection possibilities and risks when using an API with a procedural programming language are even greater than in relational databases, where the typically declarative and much more limited SQL language is used. NoSQL injection and JavaScript code are new vectors that broaden the attack surface of these databases.
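
    The input checking described above can be enforced before a JSON request body ever reaches the database API. The following is an added example, not code from the original article; the order-lookup schema, field names and sample inputs are assumptions made for illustration.

```javascript
// Added example: strict checking of JSON request parameters before they are
// placed into a document-store query. Schema and field names are hypothetical.
const ORDER_LOOKUP_SCHEMA = {
  customerId: (v) => typeof v === "string" && /^[A-Za-z0-9-]{1,32}$/.test(v),
  status: (v) => typeof v === "string" && ["open", "shipped", "closed"].includes(v),
};

function describe(v) {
  if (v === null) return "null";
  return Array.isArray(v) ? "array" : typeof v;
}

// Returns a list of problems; an empty list means every field is a valid scalar.
function checkParams(body, schema) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["body must be a JSON object"];
  }
  const problems = [];
  for (const key of Object.keys(body)) {
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      problems.push(`unexpected field: ${key}`);
    }
  }
  for (const [key, isValid] of Object.entries(schema)) {
    if (!Object.prototype.hasOwnProperty.call(body, key)) {
      problems.push(`missing field: ${key}`);
    } else if (!isValid(body[key])) {
      // Objects and arrays are rejected here, so a value can never be
      // interpreted by the database API as an operator or as code.
      problems.push(`invalid value for ${key} (${describe(body[key])})`);
    }
  }
  return problems;
}

// Builds the query filter only from validated scalars, never from the raw body.
function buildFilter(rawJson) {
  let body;
  try { body = JSON.parse(rawJson); } catch { return { ok: false, problems: ["malformed JSON"] }; }
  const problems = checkParams(body, ORDER_LOOKUP_SCHEMA);
  if (problems.length > 0) return { ok: false, problems };
  return { ok: true, filter: { customerId: body.customerId, status: body.status } };
}

// Constructed sample inputs: a well-formed request and one whose field
// carries an object where a string is expected.
console.log(buildFilter('{"customerId": "C-1001", "status": "open"}'));
console.log(buildFilter('{"customerId": {"$gt": ""}, "status": "open"}'));
```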

    NoSQL is increasingly present in current database technologies and faces great challenges in dealing with security problems, where sooner or later it must be reinforced.

    1 COMMENT

    1. Maybe more vulnerabilities will be found in the near future. I do not think any private telecom company prefers to switch to NoSQL. This is my thought. Anyway, thanks for sharing this nice, detailed article.
