Philipp Krenn - NoSQL Means No Security?
NoSQL MEANS no SECURITY?
Philipp Krenn @xeraa
INFRASTRUCTURE | DEVELOPER ADVOCATE
"MASSIVE RANSOMWARE ATTACK TAKES OUT 27,000 MONGODB SERVERS"
http://www.techrepublic.com/article/massive-ransomware-attack-takes-out-27000-mongodb-servers/, Jan 2017
Bound to all interfaces by default?
Authentication enabled by default?
SCRAM-SHA-1 >=3.0
CONFIGURABLE iterationCount
SALT PER USER INSTEAD OF SERVER
SHA-1 INSTEAD OF MD5
SERVER AUTHENTICATES AGAINST THE CLIENT AS WELL
Protected Mode >=3.2
ANSWER LOCAL QUERIES
RESPOND WITH A MESSAGE TO REMOTE
AUTH <password> COMMAND
PLAIN-TEXT PASSWORD IN redis.conf
NO (BUILT-IN) TLS OR RATE LIMITS
Hiding Commands
rename-command CONFIG mysecretconfigname
rename-command CONFIG ""
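The Redis settings the slides walk through (listening interfaces, protected mode, the AUTH password kept in redis.conf, and renamed or disabled commands) can be checked mechanically. The following is an added example, not code from the talk: `bind`, `protected-mode`, `requirepass` and `rename-command` are Redis directives, while the finding names and the sample config are constructed for illustration.

```python
import shlex

# Constructed sample redis.conf (not from the talk); the password is a placeholder.
SAMPLE_CONF = """
bind 0.0.0.0
protected-mode no
requirepass placeholder-password
rename-command CONFIG mysecretconfigname
"""

ALL_INTERFACES = {"0.0.0.0", "*", "::", "::*"}

def parse(conf_text):
    """Return (directive, args) pairs, skipping blank lines and comments."""
    pairs = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            tokens = shlex.split(line)  # keeps "" as an empty argument
            pairs.append((tokens[0].lower(), tokens[1:]))
    return pairs

def audit(conf_text):
    """Return sorted finding names for the settings the slides call out."""
    pairs = parse(conf_text)
    last = dict(pairs)  # for repeated directives the last one wins
    renamed = {a[0].upper(): a[1] for d, a in pairs
               if d == "rename-command" and len(a) == 2}
    findings = set()
    bind = last.get("bind")
    # No bind directive means Redis listens on every interface.
    if bind is None or ALL_INTERFACES & {b.lstrip("-") for b in bind}:
        findings.add("listens-on-all-interfaces")
    if last.get("protected-mode", ["yes"])[0].lower() == "no":
        findings.add("protected-mode-off")
    if last.get("requirepass", [""])[0]:
        # The password sits in the file as-is, so the file needs tight permissions.
        findings.add("password-in-clear-text")
    else:
        findings.add("no-password")
    if "CONFIG" not in renamed:
        findings.add("config-command-exposed")
    elif renamed["CONFIG"]:
        findings.add("config-renamed-not-disabled")  # hidden, but still callable
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```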
HTTPS://WWW.ELASTIC.CO/COMMUNITY/SECURITY
CVE-2014-3120 (6.8): Dynamic scripting
CVE-2014-6439 (4.3): CORS misconfiguration
CVE-2015-1427 (6.8): Groovy sandbox escape
CVE-2015-3337 (4.3): Directory traversal
CVE-2015-4165 (3.3): File modifications
CVE-2015-5377 (5.1): RCE related to Groovy
CVE-2015-5531 (5.0): Directory traversal
"WHY BUILD A BRAND NEW LANGUAGE WHEN THERE ARE ALREADY SO MANY TO CHOOSE FROM?"
https://www.elastic.co/blog/painless-a-new-scripting-language
Painless Goals
SECURE & PERFORMANT
Thanks!
QUESTIONS?
Philipp Krenn @xeraa