Keep your OrientDB Database Secure


Luca Garulli

Jan 13, 2017, 11:33:11 PM
to OrientDB
Hi OrientDB Users,

I don't know if all of you are aware of what's happening with MongoDB and Elastic Search databases. Take a look at this article: http://www.pcworld.com/article/3157417/security/after-mongodb-ransomware-groups-hit-exposed-elasticsearch-clusters.html.

OrientDB's average level of security is much stronger than both MongoDB and ElasticSearch. But nothing can keep you totally safe, especially if you are exposing an OrientDB server directly to the Internet and/or you haven't changed the default password in your database.

So here is a 5-minute action plan to keep your OrientDB safer.
  1. If you aren't using the default users (admin, reader and writer), then delete them
  2. If you're using them, be sure you changed the password to all of these 3 default users: admin, reader and writer
  3. When you have installed OrientDB the first time, the script asked for the root's password. Well, be sure you don't have something obvious like "root", "orientdb", "password", etc.
Now a few pieces of advice to keep OrientDB even more secure:
  1. If you can, don't expose the OrientDB server to the Internet
  2. Remember that starting from v2.2 you can configure stronger SALT cycles for hashed passwords. Look at: http://orientdb.com/docs/2.2/Database-Security.html#password-management
  3. If you're working with very sensitive data, please consider using Encryption at REST using the AES algorithm: http://orientdb.com/docs/2.2/Database-Encryption.html.
More Resources:

For any questions, don't hesitate to follow up on this message.

Thanks.

Best Regards,

Luca Garulli
Founder & CEO
OrientDB LTD
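
The user clean-up from the 5-minute plan above, as an added example that is not part of the original post: OrientDB SQL typed into the console, once per database. It assumes the standard OUser security class and that reader and writer are the unused accounts; the password value is a placeholder.

```sql
-- Added example. Connect to the database as an administrator first.
-- Assumption: 'reader' and 'writer' are unused here and 'admin' is kept.

-- 1. Audit: list every account, its state and its roles, so you can see
--    whether the three default users are still present and ACTIVE.
SELECT name, status, roles.name FROM OUser;

-- 2. Default users you do not use: delete them.
DELETE FROM OUser WHERE name IN ['reader', 'writer'];

-- 3. Default users you keep: replace the default password.
--    '<long-random-password>' is a placeholder, not a suggested value.
UPDATE OUser SET password = '<long-random-password>' WHERE name = 'admin';

-- 4. Alternative to deleting: keep the record but block logins.
-- UPDATE OUser SET status = 'SUSPENDED' WHERE name = 'reader';

-- 5. Verify: only the accounts you expect should remain ACTIVE.
SELECT name, status FROM OUser WHERE status = 'ACTIVE';

-- Note: 'root' is a server-level user defined in
-- config/orientdb-server-config.xml, not a record in OUser, so the
-- statements above do not change it.
```

Every database has its own OUser records, so repeat the audit for each database the server hosts.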