Announced a new version of MongoDB: there will be security updates and fresh tools
MongoDB Inc. announced the next version of the open source database of the same name NoSQL - MongoDB 3.6. It presents new tools for developers and security updates. The latter is associated with a series of cyber attacks on companies using this DBMS.
The fact that the developers have changed, and what features have been implemented, we will describe below.
/ photo by Michael Mandiberg / CC
')
According to iDatalabs, 4.5% or 24 thousand companies use MongoDB as the main DBMS. At the same time among them there are major players in the IT sector. For example, the cloud platform Google Compute Engine uses MongoDB to develop scalable applications.
Also, Electronic Arts (EA) is working with this DBMS to scale the game FIFA Online 3 for millions of players. EA representatives point out that new MongoDB features will improve gaming experience.
The BelkaCar car-sharing service also uses MongoDB. Web-based service applications are deployed in the IT-GRAD cloud, and MongoDB helps to quickly solve cloud application tasks and is used to store raw data.
Throughout the year, MongoDB DBMSs were subjected to cyber attacks. The attackers got access to vulnerable systems, stole data and demanded ransom for them (in bitcoins). According to Niall Merrigan (Niall Merrigan), the total number of attacks in January exceeded 27 thousand. The attack in September struck 26 thousand systems.
However, experts emphasize that the reason for the “attacks” was not the vulnerability in MongoDB itself, but the unreliability of the default settings used in the attacked companies. The goals of the hackers were just incorrectly configured DBMS.
In this regard, the creators of MongoDB are releasing a new version with a security update. In addition, the update packaged new tools for developers and administrators.
Administrators will receive a new feature for maintaining lists of allowed applications. It allows you to automatically block incoming connections if their protocol or IP address has not been pre-approved.
Founder and CTO of MongoDB Europe Eliot Horowitz stressed that MongoDB will no longer be shipped out of the box with a vulnerable configuration. In the new version, only the local host is activated by default - so attackers and ransomware viruses will not be able to connect to the database. To go to the network will have to change the settings manually.
The new version of the DBMS also solves several other problems: it increases the speed, flexibility and security of operations. Among the new tools are the following:
hange streams . This tool automatically captures and translates changes from DBMS journals. APIs have been developed that transmit information about updates in real time using the new $ changeStream operator and the watch method. Previously, developers had to write separate code for this.
Retryable writes . It automatically repeats the database update operation if it is interrupted for some reason. This will help developers save time and reduce the number of failover scenarios by one. When used with recovery tools, Retryable Writes will provide almost continuous support for write operations.
The related function causal consistency allows users to “read” their records. In previous versions, this was not possible due to the distributed MongoDB architecture.
Compass . The tool will allow you to interact with MongoDB via a visual interface instead of the command line. This feature will come from the cloud version of the database - Atlas .
The official release of MongoDB 3.6 is scheduled for December 2017.
PS A few more articles from our corporate blog:
The fact that the developers have changed, and what features have been implemented, we will describe below.
/ photo by Michael Mandiberg / CC
')
According to iDatalabs, 4.5% or 24 thousand companies use MongoDB as the main DBMS. At the same time among them there are major players in the IT sector. For example, the cloud platform Google Compute Engine uses MongoDB to develop scalable applications.
Also, Electronic Arts (EA) is working with this DBMS to scale the game FIFA Online 3 for millions of players. EA representatives point out that new MongoDB features will improve gaming experience.
The BelkaCar car-sharing service also uses MongoDB. Web-based service applications are deployed in the IT-GRAD cloud, and MongoDB helps to quickly solve cloud application tasks and is used to store raw data.
Throughout the year, MongoDB DBMSs were subjected to cyber attacks. The attackers got access to vulnerable systems, stole data and demanded ransom for them (in bitcoins). According to Niall Merrigan (Niall Merrigan), the total number of attacks in January exceeded 27 thousand. The attack in September struck 26 thousand systems.
However, experts emphasize that the reason for the “attacks” was not the vulnerability in MongoDB itself, but the unreliability of the default settings used in the attacked companies. The goals of the hackers were just incorrectly configured DBMS.
In this regard, the creators of MongoDB are releasing a new version with a security update. In addition, the update packaged new tools for developers and administrators.
MongoDB 3.6 Features
Administrators will receive a new feature for maintaining lists of allowed applications. It allows you to automatically block incoming connections if their protocol or IP address has not been pre-approved.
Founder and CTO of MongoDB Europe Eliot Horowitz stressed that MongoDB will no longer be shipped out of the box with a vulnerable configuration. In the new version, only the local host is activated by default - so attackers and ransomware viruses will not be able to connect to the database. To go to the network will have to change the settings manually.
The new version of the DBMS also solves several other problems: it increases the speed, flexibility and security of operations. Among the new tools are the following:
hange streams . This tool automatically captures and translates changes from DBMS journals. APIs have been developed that transmit information about updates in real time using the new $ changeStream operator and the watch method. Previously, developers had to write separate code for this.
Retryable writes . It automatically repeats the database update operation if it is interrupted for some reason. This will help developers save time and reduce the number of failover scenarios by one. When used with recovery tools, Retryable Writes will provide almost continuous support for write operations.
The related function causal consistency allows users to “read” their records. In previous versions, this was not possible due to the distributed MongoDB architecture.
Compass . The tool will allow you to interact with MongoDB via a visual interface instead of the command line. This feature will come from the cloud version of the database - Atlas .
The official release of MongoDB 3.6 is scheduled for December 2017.
PS A few more articles from our corporate blog:
Source: https://habr.com/ru/post/342774/
All Articles