On 26/03/2018 9:11 PM, John McKown wrote:
That's pretty much the same security model for all the NoSQL databases
I've come across. Redis, MongoDB, Aerospike etc. In theory the database
servers should be behind a firewall and secured, but the reality can be
quite shocking:
https://www.theregister.co.uk/2017/01/09/mongodb/.
So NoSQL implies NoSecurity as well. And the "webbies" think this is
acceptable? I don't know whether to laugh (as the house implodes) or cry
(as my money disappears).
I think the general ROT for those kinds of systems is that the network
defines security. All back-end services should be hidden behind firewalls
and not accessible to the outside world. It's a different world these
days where everything seems to run on Docker images orchestrated by
something like Kubernetes and secured by LDAP or whatever. Nobody dishes
out userids unless you need admin.