Security lacking in NoSQL


(Ericbrow) #1

As a former MS-SQL DBA, one of the main focuses of my job was in making sure the database was secure.

I appreciate how Neo4j has made some movement in this direction. While I am not as familiar with other NoSQL databases, I do know several other popular NoSQL databases lack many basic security features.

My proposal: develop a more granular security (read, write at least). Maybe these could be system level properties that can be set on the nodes and edges. Then phase 2, allow read/write access on different types of nodes or different types of relationships. In other DBMSs there are properties like this set at the system level that can still be queried by someone who has the permissions.

While Neo4j is ahead of the pack, you could further set yourself ahead by being one of the more security conscience NoSQL databases.