What are Security Practices for NoSql databases

Question

I want to know what are the best practices to secure NoSql database like MongoDB. How is it possible? Any tips?

Welcome to Security.se, you question as formulated here is too broad. Could you refine your question with more details like: what did you already did, what is the architecture of your service (is it direct access to DB via internet, is it a server for an online application, ...), what data do you want to protect (user data, credit card number, ...). As is, this question is very likely to be closed. — M'vy, Mar 07 '13 at 09:29
Most like you should just read this: http://security.stackexchange.com/questions/7610/how-to-secure-a-mongodb-instance?rq=1 — Brendan Long, Mar 07 '13 at 16:38

score 2 · Accepted Answer · answered Mar 08 '13 at 19:49

For mongodb i have written this answer

First vulnerability similar to sql injection can be done in mongodb or nosql databases too. which would be mongodb injection.

Try to run mongodb on different port instead on default 27017 to avoid exposing. For official security practices you can always check out http://docs.mongodb.org/manual/administration/security/

It tell security practices that should be used with mongodb server.

Mongodb Injection :

its fully describes here for php how mongodb injection can take place in phpwebapp if client side data is not filtered properly. Also solution to mongodb injection too

http://www.idontplaydarts.com/2010/07/mongodb-is-vulnerable-to-sql-injection-in-php-at-least/

Mongodb Null byte injection attack

http://www.idontplaydarts.com/2011/02/mongodb-null-byte-injection-attacks/

This is also a type of attack that is well written on this site , Have a look how certain fields in mongo collection can be overwritten using this method can this can be done in any webapp.

Security by obscurity does not exist.....changing the port does not automatically protect the database. — Matthew Xerri, Nov 29 '13 at 11:48

What are Security Practices for NoSql databases

1 Answers1