Tuesday, April 20, 2010

NoSQL More Secure?

This is just a theory, but could the current "NoSQL" solutions provide more secure data storage than a relational database? Now, I don't know what type of authentication all of them have. It seems like they have little to none; however, I'm approaching this from a different perspective.

SQL injection attacks are some of the most widespread attacks that have occurred in recent years. These attacks are typically carried out through a web site's input forms or through a modification of the parameters in a URL.

NoSQL solutions, however, do not use SQL, so these attacks wouldn't work on these types of data stores. Any "queries" that are performed are most likely done in code, with perhaps some filtering or ordering done in the data store, and since the interfaces for these solutions vary, similar types of attacks aren't possible. Well, except perhaps if a specific data store and/or middleware was targeted.
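The distinction above as an added example (not code from the original post): input concatenated into SQL text changes the query, a key-value lookup treats the same input purely as data, and a document store with a structured filter language shows the data-store-specific case, where what keeps input as data is a type check. The document store and its `ne` operator are hypothetical, invented for this example, and the user records are constructed.

```python
import sqlite3

# Constructed sample records; plaintext passwords only to keep the example short.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]

def sql_login_concat(name, password):
    """SQL built by string concatenation: input becomes part of the query text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(query)]

def kv_login(name, password):
    """Key-value lookup: input is only ever a key or a compared value."""
    store = dict(USERS)
    return [name] if store.get(name) == password else []

def doc_find(filter_):
    """Toy document store (hypothetical API): each filter value is either a
    literal to match or an operator object of the form {"ne": x}."""
    def matches(doc):
        for field, cond in filter_.items():
            if isinstance(cond, dict) and "ne" in cond:
                if doc.get(field) == cond["ne"]:
                    return False
            elif doc.get(field) != cond:
                return False
        return True
    docs = [{"name": n, "password": p} for n, p in USERS]
    return [d["name"] for d in docs if matches(d)]

def doc_login_unchecked(form):
    """Passes decoded form/JSON values straight into the filter, so a nested
    object in the request is interpreted as an operator, not as a value."""
    return doc_find({"name": form["name"], "password": form["password"]})

def doc_login_checked(form):
    """Hardened form: only plain strings may reach the filter."""
    name, password = form.get("name"), form.get("password")
    if not isinstance(name, str) or not isinstance(password, str):
        raise ValueError("credentials must be strings")
    return doc_find({"name": name, "password": password})
```

The same quote-based input that alters the concatenated SQL query is inert in both non-SQL lookups; the unchecked document login is affected only by input shaped for that store's own filter syntax, and the type check closes that path.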

So, I'm kind of thinking that perhaps a side benefit of this sort of new movement is that SQL injection attacks or similar are much harder, if not impossible. I have no proof, but this is something that probably should be explored. Currently I'm not 100% convinced that NoSQL is the way to go with web sites; however, improved security would be a compelling reason to consider such solutions. Of course, this is assuming that the basics are covered, such as secure authentication and perhaps even link encryption.

