Developers: MongoDB (formerly 10gen)
Last Release Date: 2015/12/09
Technology: DBMS
MongoDB is one of the next-generation NoSQL databases challenging the dominance of the relational DBMSs from Oracle, Microsoft and others that are now used in most corporate data centers.
MongoDB is an open source document-oriented database management system (DBMS) that does not require a table schema description. It is used by Craigslist, eBay, SourceForge, Viacom and many others.
As of 2019, the MongoDB website cites data from the DB-Engines ranking, which characterizes the popularity of more than 200 different DBMSs. Reviewers call MongoDB the most popular NoSQL system. The ranking is based on criteria such as mentions on social networks, the number of job postings related to the DBMS, the availability of professional certificates and the number of searches on Google.
History
2024: Availability in T1 Cloud
Three managed services based on current versions of the PostgreSQL, MongoDB and Redis database management systems became available to customers of the T1 Cloud cloud provider at once. T1 Cloud announced this on March 19, 2024.
2019
Open MongoDB Server Found With Data Of 275M Indian Citizens
On July 18, 2019, InfoWatch reported the results of the second quarter of 2019 in terms of leaks of confidential information from organizations and identified the largest incidents. In May, researcher Bob Diachenko discovered on the Web an open cloud server running the MongoDB DBMS with the personal data of 275 million citizens of India (approximately 20% of the country's population).
Data of 200 million Chinese were in the public domain due to incorrect configuration of MongoDB
On January 10, 2019, Bob Diachenko, director of cyber risk research at Hacken, published the results of an investigation according to which the personal data of more than 202 million people looking for work in China, including phone numbers, email addresses, driver's licenses, salary expectations, marital status, political preferences, height and weight, had been in the public domain for 3 years.
At the end of December 2018, Diachenko discovered an open and unprotected 854 GB MongoDB instance that contained 202,730,434 "very detailed" records. The database was indexed by the BinaryEdge and Shodan search engines and was available without a password or login. It was not closed until a week after the leak was posted on Twitter on December 28, 2018.
Diachenko could not match the database to a specific service, but found a three-year-old GitHub repository with templates identical to those used in the resumes found. Ownership of the repository has not yet been determined, but it is assumed that the data was taken from Chinese ad sites such as 58.com.
A 58.com spokesman said the open base was not owned by their company, and the data may have come from a third-party firm that collects information from many sites.
"We searched our entire database and checked all other vaults; it is absolutely certain that this data "leaked" not from us. The data appears to have "leaked" from a third party that collects it from different sites," a company spokesman said. "It is worth noting that the MongoDB log lists at least a dozen IP addresses from which data could be accessed before access to it was closed."
This leak has become one of the largest in China of all time.[1][2]
2015
Stable MongoDB 3.2 release
On December 9, 2015, the stable release of the document-oriented DBMS MongoDB 3.2 was published. MongoDB 3.2.0 builds are available for Linux, Solaris, Windows and OS X[3].
Release features
- means for checking the correctness of the structure and content of documents, implemented by attaching to documents a special validator that defines rules for checking types, fields and values;
- a storage engine with data encryption (only for MongoDB Enterprise);
- a storage engine for real-time systems that places all data in RAM;
- the use of SpiderMonkey as the JavaScript engine for the mongo shell and the mongod server;
- a module for interfacing with business intelligence systems such as Tableau and Qlikview;
- Compass, a graphical interface for managing MongoDB, visualizing and exploring data and generating selections without the need to use the MongoDB query language;
- a visual profiling system for query execution, which makes it possible to assess the delays that occur and to highlight slow queries to the database;
- support for partial indexes, which include only the documents selected by the filter specified when the index is created;
- the use of the WiredTiger storage engine by default instead of the previously used MMAPv1 engine. WiredTiger offers a high level of scalability on multi-core systems, predictable request processing time that does not depend on the number of records in the database, locking at the document level and support for storing data in compressed form;
- the ability to combine data from several collections of documents using the $lookup operator, which implements joins of the "left outer join" type.
MongoDB 3.2
On November 5, 2015, the preliminary release of the MongoDB 3.2 DBMS, focused on document storage, became available for review[4].
This high-performance scalable DBMS occupies a niche between fast and scalable systems that operate on key/value data and relational DBMSs, which are functional and convenient for writing queries.
MongoDB supports document storage in a JSON-like format, has a sufficiently flexible language for generating queries, can create indexes for various stored attributes, efficiently stores large binary objects, supports logging of operations that modify and add data to the database, can work in accordance with the Map/Reduce paradigm, and supports replication and building fault-tolerant configurations.
MongoDB provides sharding (distribution of a data set across servers based on a specific key). Combining sharding with data replication makes it possible to build a horizontally scalable storage cluster that has no single point of failure (the failure of any node does not affect the operation of the database) and that supports automatic recovery from failure and transfer of load from a failed node. Expanding the cluster or converting one server into a cluster is done without stopping the database, simply by adding new machines.
Special features of release 3.2:
- Means of checking the correctness of the structure and content of documents, implemented by attaching to documents a special validator that defines rules for checking types, fields and values;
- Innovative storage engine with data encryption (only for MongoDB Enterprise);
- Upgraded storage engine for real-time systems that places all data in RAM;
- The use of SpiderMonkey as the JavaScript engine for the mongo shell and the mongod server;
- A new module for interfacing with business intelligence systems such as Tableau and Qlikview;
- Compass, a graphical interface for managing MongoDB, visualizing and exploring data and generating selections without the need to use the MongoDB query language;
- A visual profiling system for query execution, which makes it possible to assess the resulting delays and to highlight slow queries to the database;
- Support for partial indexes, which include only the documents selected by the filter specified when the index is created;
- The use of the WiredTiger storage engine by default instead of the previously used MMAPv1 engine. WiredTiger offers a high level of scalability on multi-core systems, predictable request processing time that does not depend on the number of records in the database, locking at the document level and support for storing data in compressed form;
- The ability to combine data from several collections of documents using the $lookup operator, which implements joins of the "left outer join" type.
Screenshot of the Compass window (2015)
Tens of thousands of MongoDB databases published on the Web
Three students at Saarland University, Germany, discovered 39,890 MongoDB databases openly accessible online. Some of them are owned by large companies and contain confidential information of millions of people[5][6].
For the search, Jens Heyens, Kai Greshake and Eric Petryka used the well-known search engine Shodan, which scans ports and indexes information that is not available through other search engines. By default MongoDB listens on TCP port 27017 and, as the students note, an attacker only needs to scan ports on the Internet to gain access to such databases.
According to the experts, this situation could arise for two reasons. First, MongoDB's defaults are designed for running it on a single physical machine or on virtual machine instances. Secondly, the documentation and guidelines for setting up MongoDB servers with Internet access may not state clearly enough that access control, authentication and data encryption mechanisms need to be activated.
"If a less experienced administrator installs the MongoDB web database server following these guidelines, it is likely that in the process he will ignore the importance of activating the necessary security mechanisms, which will lead to complete openness and vulnerability of the databases. Thus, anyone will be able to access them and, most importantly, carry out various manipulations with them," the experts warned.
MongoDB is an open source NoSQL database. It is currently the most commonly used NoSQL database and several major Web sites and services integrate such a database for their backend.
We discovered that MongoDB databases running as a service or Web site backend on several thousand commercial servers are openly available on the Internet. Without any special tools and without circumventing any security measures, we would have been able to get read and write access to thousands of databases, including, e.g., sensitive customer data or live backends of Web shops.
The reason for this problem is twofold:
- The defaults of MongoDB are tailored for running it on the same physical machine or virtual machine instances.
- The documentations and guidelines for setting up MongoDB servers with Internet access may not be sufficiently explicit when it comes to the necessity to activate access control, authentication, and transfer encryption mechanisms.
If a less experienced administrator sets up a MongoDB Web server following those guidelines, it can easily happen that the administrator oversees the importance of activating crucially required security mechanisms. This will lead to a completely open and vulnerable database that each and everyone can access and, even worse, manipulate. Apparently, this is what happened to the thousands of databases we found. In the following we will first document our findings and, consequently, provide guidelines on how to secure MongoDB servers.
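The safeguards named above (access control, transfer encryption and the interface the server listens on) correspond to a handful of `mongod.conf` settings, and the check below flags a configuration that leaves them off. It is an added example, not code from the researchers or from MongoDB; the two sample configurations are constructed, and the small parser handles only the nested-mapping subset of YAML shown here.

```python
import ipaddress

def parse_conf(text):
    """Flatten the nested-mapping subset of YAML used by mongod.conf into dotted keys."""
    settings, path = {}, []                      # path holds (indent, key) pairs
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()     # drop comments and trailing spaces
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while path and path[-1][0] >= indent:    # leave sections that have ended
            path.pop()
        path.append((indent, key.strip()))
        value = value.strip().strip("\"'")
        if value:
            settings[".".join(k for _, k in path)] = value
    return settings

def is_loopback(host):
    if host == "localhost" or host.startswith("/"):   # hostname or Unix socket path
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                                  # other hostnames: assume reachable

def audit(text):
    """Return finding codes for the exposure conditions the researchers describe."""
    s, findings = parse_conf(text), []
    # Assumption: a missing bindIp means localhost only (the default since MongoDB 3.6).
    binds = [b.strip() for b in s.get("net.bindIp", "").split(",") if b.strip()]
    network = (s.get("net.bindIpAll", "false").lower() == "true"
               or any(not is_loopback(b) for b in binds))
    auth = s.get("security.authorization", "disabled").lower() == "enabled"
    tls_mode = s.get("net.tls.mode") or s.get("net.ssl.mode") or "disabled"
    if not auth:
        findings.append("NO_AUTH_NETWORK_REACHABLE" if network else "NO_AUTH_LOCAL_ONLY")
    if network and tls_mode.lower() not in ("requiretls", "requiressl"):
        findings.append("NETWORK_WITHOUT_REQUIRED_TLS")
    return findings

# Constructed sample configurations, not taken from any real deployment.
EXPOSED = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED = ("net:\n  port: 27017\n  bindIp: 127.0.0.1,10.0.0.5\n"
            "  tls:\n    mode: requireTLS\nsecurity:\n  authorization: enabled\n")

if __name__ == "__main__":
    print(audit(EXPOSED), audit(HARDENED))
```

The finding codes are names chosen for this example; a server bound to a private address with authorization and required TLS produces no findings, while the same listener without them produces both network findings.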
2014
MongoDB 2.6
MongoDB is a cross-platform, document-centric DBMS designed to help organizations cope with steadily growing volumes of unstructured data. MongoDB 2.6, released in April 2014, offers new text search features and tools for special types of analysis, advanced security functionality, new tools for manipulating large amounts of data and generalizing/aggregating data, extensions to MongoDB Management Services to simplify data management, and a new level of scalability and performance.
MongoDB expands the functionality of the system
On October 16, 2014, MongoDB announced a significant expansion in the functionality of the database management system to simplify deployment, scaling and use in various cloud infrastructures.
According to the developers, enterprises will be able to deploy, modernize and administer instances of MongoDB running in their own data centers, on laptops and in various public clouds, including Amazon Web Services (AWS), IBM Cloud, Google Compute Engine and Microsoft Azure, using the MongoDB Management Service (MMS) system.
Advantages of the new release
- Managing the scaling of a MongoDB database used to be difficult because it required a lot of knowledge and effort. The updated MMS service solves this task and lets IT specialists focus on application development.
- As part of MMS:
  - tools for deploying the DBMS across different infrastructures with a single click;
  - integration with Amazon Web Services;
  - updating and performance management;
  - continuous backup and recovery.
Along with the expansion of the functionality of the MMS system, MongoDB changed the pricing model. Previously, MMS was available in the cloud as a free service, and a customer who wanted to run it on their own site had to buy it. Now MMS remains free for only eight servers, and each additional server costs $50 per month. Storage for backups costs $2.5 per gigabyte, and support and maintenance cost $450 per month or $5,000 per year for one server.
2013
MongoDB 1.8
In the open source non-relational DBMS MongoDB 1.8, its developers, 10gen specialists, implemented a logging mechanism that registers each operation with the database. In the event of a DBMS server failure, the log will allow you to quickly restore the database to its last operational state. According to 10gen, the operation of the logging mechanism does not cause a significant decrease in DBMS performance.
MongoDB 1.8 also implements the ability to add new data to an existing set obtained as a result of filtering with the Map/Reduce function. In addition, the replication function and the mechanism for partitioning data using the sharding method have been improved.
MongoDB, which appeared in 2009, is a document-oriented DBMS that stores information in a sequential format similar to JSON. MongoDB databases have no table structures or schemas and allow new attributes to be introduced as needed. Queries are written in a syntax reminiscent of JavaScript. According to the developers of MongoDB, the DBMS is able to extract information faster than relational ones, especially when requesting simple data sets. MongoDB is used, in particular, in the online services Foursquare, Bit.ly and SourceForge.
Pentaho and MongoDB announced in September 2013 an improved integration of MongoDB with the Pentaho Business Analytics 5.0 platform released on September 12. Together, the two technologies constitute an interactive analytics solution that meets the growing demand of companies for big data tools, Jake Cornelius, senior vice president of product at Pentaho, told eWeek.
The advanced, seamless integration of Pentaho Business Analytics 5.0 and MongoDB provides analytics capabilities with full support for the Replica Sets, Tag Sets, and Read and Write Preferences of this popular NoSQL data store. The combination of Pentaho Business Analytics and MongoDB helps business users and developers increase the usefulness of data, reduce its complexity, and speed up data access and query execution.
With Pentaho, you can access, combine, visualize, and report MongoDB data using any of the other data sources needed for in-depth understanding and operational analytics. Reporting based on MongoDB data is also simplified. Pentaho provides automatic document sampling, a mouse drag-and-drop interface, and schema generation, which improves developer productivity.
In addition, this integration extends MongoDB functions and capabilities such as the Aggregation Framework, Replication and Tag Sets without sacrificing performance.
Notes
- [1] An unsecured database exposed the personal details of 202M job seekers in China; Personal data on 202 million Chinese job-seekers left exposed on insecure database
- [2]
- The release of the document-oriented database MongoDB 3.2
- The document-oriented DBMS MongoDB 3.2 has been announced
- MongoDB databases at risk - Several thousand MongoDBs without access control on the Internet. Jens Heyens, Kai Greshake, Eric Petryka, January 2015
- Tens of thousands of MongoDB databases have been published online