Recent news has
brought back the focus on how a poorly secured database server can cause
irreversible damage to the reputation of the software vendor apart from many
other tangible and intangible losses.
The security features in Oracle NoSQL Database make it a
member of the Oracle family of products, which pride themselves on being called very
This blog briefly describes these security features.
1) There are two levels of security: network security, and
user authentication and authorization.
Network security provides an outer layer of protection at the network level and is
configured during the installation process using cryptographic keys, X.509
certificate chains and trusted certificates. This means that
communication between the client and server nodes, and also between the server
nodes, is encrypted using the SSL/TLS protocol.
User authentication and authorization can either be managed using Oracle NoSQL Database
utilities or delegated to any Kerberos-compliant LDAP/single-sign-on server.
2) Starting with release 4.3 of Oracle NoSQL Database,
the security features are enabled by default.
3) Access to a secure Oracle NoSQL Database is limited to
only authenticated users. Oracle NoSQL Database provides tools for user
and password management.
4) Password credentials for connecting to the database are stored
in a client-side Oracle Wallet, a secure software container used to store
authentication and signing credentials. With Oracle Wallet, applications no
longer need to embed user names and passwords in application code and scripts. This considerably
reduces risk because the user credentials are no longer exposed in the clear,
and password management policies are more easily enforced without changing
application code whenever user names or passwords change.
5) Oracle NoSQL Database provides a set of default rules for
creating and updating a user password in order to enhance security. These rules
enable the administrator to enforce strong
password policies such as minimum and maximum password length,
minimum number of upper- and lower-case characters, digits and special
characters, password expiry, a list of restricted passwords, and the maximum number of previous
passwords that are remembered and cannot be reused when setting a new password.
6) Successfully authenticated users receive an identifier
for a login session that allows a single login operation to be shared across
Storage Nodes. That session has an initial lifetime associated with it, after
which the session is no longer valid. The server notifies the user with an
error once the session is no longer valid. The application then needs to
7) Oracle NoSQL Database provides role-based
authorization. A user can be assigned one or more roles. A role can be either a built-in system role
(readonly, writeonly, readwrite, dbadmin, sysadmin and public) or a user-defined
role. The built-in roles map to one or more privileges. Privileges can be either
System privileges or Object (table-level) privileges. A System privilege
grants the user the ability to perform a store-wide action, while an Object
privilege grants the user the ability to perform an action only on that specific
8) With Kerberos integration, Oracle NoSQL Database can
delegate the authentication and authorization job to any Kerberos-compliant
LDAP or single-sign-on server.
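To make the password rules in item 5 concrete, here is an added example (not Oracle code and not part of the original post) of how such a policy can be evaluated: length bounds, per-class minimums, a restricted list, and a bounded history of previous passwords. The field names, default values and sample restricted passwords are assumptions made for illustration and are not Oracle NoSQL Database parameter names; password expiry is left out.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:
    # Hypothetical field names and defaults, not Oracle NoSQL Database parameters.
    min_length: int = 9
    max_length: int = 256
    min_upper: int = 2
    min_lower: int = 2
    min_digit: int = 2
    min_special: int = 2
    remember: int = 3  # number of previous passwords that cannot be reused
    restricted: frozenset = frozenset({"welcome1234!!", "changeme1234!!"})  # constructed

def _digest(password: str, salt: bytes) -> bytes:
    # History holds salted PBKDF2 digests, never the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history: list, password: str, policy: PasswordPolicy) -> list:
    """Return history plus the new password, trimmed to policy.remember entries."""
    if policy.remember <= 0:
        return []
    salt = os.urandom(16)
    return (history + [(salt, _digest(password, salt))])[-policy.remember:]

def violations(password: str, history: list, policy: PasswordPolicy) -> list:
    """Return the names of the rules a candidate breaks; empty means accepted."""
    found = []
    if not policy.min_length <= len(password) <= policy.max_length:
        found.append("length")
    classes = (
        ("upper", policy.min_upper, str.isupper),
        ("lower", policy.min_lower, str.islower),
        ("digit", policy.min_digit, str.isdigit),
        ("special", policy.min_special, lambda c: c in string.punctuation),
    )
    for name, minimum, matches in classes:
        if sum(1 for c in password if matches(c)) < minimum:
            found.append(name)
    if password.lower() in policy.restricted:
        found.append("restricted")
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in history):
        found.append("reused")
    return found
```

Returning every broken rule at once, rather than stopping at the first, lets an administrator tool tell the user everything to fix in one attempt.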
In summary, Oracle takes security very seriously for all
of its products. Oracle NoSQL Database has been designed from the start to be
secure and to protect users' data.