back to article Microsoft makes cheeky bid for MongoDB devs on Azure security grounds

Microsoft is attempting to capitalise on a recent spate of ransom attacks on unsecured MongoDB instances by encouraging developers to switch to working with its own Azure-based DocumentDB system. The free version of MongoDB ships with the default TCP port 27017, and with so many administrators failing to run port to change it …

FAIL

"... with so many administrators failing to run port to change it ..."

Isn't it a question of how many MongoDB database admins are suitable for the job?

6
0
Silver badge

Change the port, put it behind firewall rules, and, uh, passwords??

3
0
Silver badge
Mushroom

Meh

I think asking the next door neighbour's kids to look after your data is safer than using Mongo DB. But as hipsters all we care about is: is it JSON and webscale?

The end of the world isn't far off.

5
1
Silver badge

Re: Meh

The problem is not taking security seriously enough to properly design and implement your system. MongoDB's defaults do not help but they are easily reconfigured if you bother to learn what you are doing. This is not different for any other db system; learn how to secure it and learn how properly sanitize data and most of the problems disappear.

Also, remember it is Slurp making the pitch who is a notorious data guzzler and also prone to security theater.

5
2
Trollface

Re: Meh

Have an up vote for the webscale reference. For anybody who has not seen it (NSFW): YouTube Link

3
0
Silver badge

Re: Meh

The problem is not taking security seriously enough to properly design and implement your system.

As if that were the only problem with the DB. But, hey, now you can connect the browser client directly with the server DB for better performance. If you're worried about security, you'll never be a hipster!

0
0

MongoDB

Yes, the auth approach in mongo is a pain in the arse, but why change the port? Just don't open it up to the whole world. If you allow connections from anywhere to your DB you're going to suffer regardless of tech.

5
0

I have to admit to having never liking the mongoDB approach... it seems so ill conceived to begin with. It is like "here is our great but should never be implemented ideas, implemented by half-brain dead monkeys", the thing I doubt is that Microsoft's DocumentDB is going to be any better a concept, tho will probably at least be more secure.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017