Editor’s Note: The first version of this post contained a section criticizing what appeared to be a major regression concerning dropDatabase and movePrimary commands. It was found out that it was merely a documentation error in the MongoDB 4.2 release notes, which is now fixed: https://jira.mongodb.org/browse/DOCS-12474. The “(In)Stability” section is now removed.
At Percona we’ve […]
Why do I need Network encryption?
In our previous blog post MongoDB Security vs. Five ‘Bad Guys’ there’s an overview of five main areas of security functions.
Let’s say you’ve enabled #1 and #2 (Authentication, Authorization) and #4 (Storage encryption a.k.a. encryption-at-rest and Auditing) mentioned in the previous blog post. Only authenticated users will be connecting, […]
Most any commercially mature DBMS provides the following five ways to secure the data you keep inside it:
Authentication of user connections (== Identity)
Authorization (== DB command permissions) (a.k.a. Role-based access control)
Network Encryption (a.k.a. Transport encryption)
Storage Encryption (a.k.a. Encryption-at-rest)
Auditing (MongoDB Enterprise or Percona Server for MongoDB only)
MongoDB is no exception. All of these have been […]
Read more
Mistakes can happen. If only we could go back in time to the very second before that mistake was made.
Act 1: The Disaster
Plain text version for those who cannot run the asciicast above:
Shell
akira@perc01:/data$ #OK, let’s get this party started!
akira@perc01:/data$ # The frontend has been shut down for 20 mins so they can
akira@perc01:/data$ # update […]
In my previous blog post “Percona’s View on MongoDB’s 4.2 Release – The Good, the Bad, and the Ugly…” I discussed the release of transaction support in sharded clusters, field-level encryption, search-engine integration, and the new update command syntaxes.
Those are all very important, but to me making MongoDB easier to use and removing technical […]
