The new version of MongoDB announced: there will be a security update and fresh tools
MongoDB Inc. has announced the next version of the open-source NoSQL database of the same name - MongoDB 3.6. It introduces new tools for developers and security updates. The latter is associated with a series of cyberattacks against companies using this DBMS.
We will talk about what developers have changed and what features they have implemented. / photo by Michael Mandiberg / CC According to iDatalabs, 4.5% or 24 thousand companies use MongoDB as their main DBMS. Moreover, among them there are large players in the IT sector. For example, the Google Compute Engine cloud platform employs MongoDB to develop scalable applications. Also works with this DBMS
Electronic Arts (EA) to scale FIFA Online 3 to millions of players. EA spokespersons note that new MongoDB features will enhance the gaming experience.
BelkaCar car sharing service also uses MongoDB. Web applications of the service are deployed in the IT-GRAD cloud, and MongoDB helps to quickly solve the problems of cloud applications and is used to store raw data.
Throughout the year, MongoDB DBMSs have been exposed to cyber attacks. Attackers gained access to vulnerable systems, stole data and demanded a ransom for them (in bitcoins). According to Niall Merrigan, the total number of attacks in January exceeded 27 thousand. The attack in September hit 26 thousand systems.
However, experts emphasizethat the cause of the “attacks” was not the vulnerability in MongoDB itself, but the unreliability of the default settings used by the attacked companies. The goals of the hackers were only incorrectly configured DBMSs.
In this regard, the creators of MongoDB are releasing a new version with a security update. Additionally, new tools for developers and administrators were “packaged” in the update.
Administrators will receive a new function for maintaining lists of allowed applications. It allows you to automatically block incoming connections if their protocol or IP address has not been previously approved.
MongoDB Europe founder and CTO Eliot Horowitz emphasized that MongoDB will no longer ship out of the box with a vulnerable configuration. In the new version, only the local host is activated by default - this way attackers and ransomware viruses will not be able to connect to the database. To switch to working on the network, you will have to change the settings manually.
The new version of the DBMS also solves several other problems: it increases the speed, flexibility and security of operations. Among the new tools are the following:
Change streams . This tool automatically captures and translates changes from DBMS logs. APIs were developed that transmit real-time update information using the new $ changeStream operator and watch method. Previously, developers had to write separate code for this.
Retryable writes . It automatically repeats the database update operation if it is interrupted for some reason. This will help developers save time and reduce the number of failover scenarios by one. When using together with recovery tools, Retryable Writes provide nearly continuous support write operations.
The associated causal consistency feature allows users to “read” their notes. In previous versions, this was not possible due to the distributed architecture of MongoDB.
Compass . The tool will allow you to interact with MongoDB through a visual interface instead of the command line. This feature will come from the cloud version of the database - Atlas .
The official release of MongoDB 3.6 is scheduled for December 2017.
PS A few more articles from our corporate blog:
We will talk about what developers have changed and what features they have implemented. / photo by Michael Mandiberg / CC According to iDatalabs, 4.5% or 24 thousand companies use MongoDB as their main DBMS. Moreover, among them there are large players in the IT sector. For example, the Google Compute Engine cloud platform employs MongoDB to develop scalable applications. Also works with this DBMS
Electronic Arts (EA) to scale FIFA Online 3 to millions of players. EA spokespersons note that new MongoDB features will enhance the gaming experience.
BelkaCar car sharing service also uses MongoDB. Web applications of the service are deployed in the IT-GRAD cloud, and MongoDB helps to quickly solve the problems of cloud applications and is used to store raw data.
Throughout the year, MongoDB DBMSs have been exposed to cyber attacks. Attackers gained access to vulnerable systems, stole data and demanded a ransom for them (in bitcoins). According to Niall Merrigan, the total number of attacks in January exceeded 27 thousand. The attack in September hit 26 thousand systems.
However, experts emphasizethat the cause of the “attacks” was not the vulnerability in MongoDB itself, but the unreliability of the default settings used by the attacked companies. The goals of the hackers were only incorrectly configured DBMSs.
In this regard, the creators of MongoDB are releasing a new version with a security update. Additionally, new tools for developers and administrators were “packaged” in the update.
Features of MongoDB 3.6
Administrators will receive a new function for maintaining lists of allowed applications. It allows you to automatically block incoming connections if their protocol or IP address has not been previously approved.
MongoDB Europe founder and CTO Eliot Horowitz emphasized that MongoDB will no longer ship out of the box with a vulnerable configuration. In the new version, only the local host is activated by default - this way attackers and ransomware viruses will not be able to connect to the database. To switch to working on the network, you will have to change the settings manually.
The new version of the DBMS also solves several other problems: it increases the speed, flexibility and security of operations. Among the new tools are the following:
Change streams . This tool automatically captures and translates changes from DBMS logs. APIs were developed that transmit real-time update information using the new $ changeStream operator and watch method. Previously, developers had to write separate code for this.
Retryable writes . It automatically repeats the database update operation if it is interrupted for some reason. This will help developers save time and reduce the number of failover scenarios by one. When using together with recovery tools, Retryable Writes provide nearly continuous support write operations.
The associated causal consistency feature allows users to “read” their notes. In previous versions, this was not possible due to the distributed architecture of MongoDB.
Compass . The tool will allow you to interact with MongoDB through a visual interface instead of the command line. This feature will come from the cloud version of the database - Atlas .
The official release of MongoDB 3.6 is scheduled for December 2017.
PS A few more articles from our corporate blog: