MongoDB's plan to limit breaches: "Field Level Encryption"

Originally published at: https://boingboing.net/2019/06/18/defense-in-depth.html

This will be so hard to use correctly that it will open up all kinds of side channel attacks; or not.

1 Like

Lotus (IBM/HCL) Notes, the original NoSQL database, has had field level encryption since version 6.x (early 2000s). It’s well implemented and easy to use. The dbs can be encrypted so if the file is stolen, the thief can’t use it. Glad to see someone else thinks this is useful.

4 Likes

Interesting technical solution to a mostly non-technical problem. The main reason MongoDB is widely regarded as insecure is because for the longest time, the defaults were completely insecure - no auth, listen on all network interfaces. This combined with hurried/lazy/ignorant developers resulted in a treasure trove of open databases all over the Internet.

I actually had to deal with this twice at work - once in 2017 and once a couple weeks ago. Open MongoDB with private personal info on a web app developed by students. First time it was reported and supposedly secured, we did a breach notification, thought we were good.

Most recent occurrence was the same system - apparently when notified in 2017 they added a firewall rule to block the MongoDB port. Then 2 years later, the old student sysadmin left and a new one took over. They rebooted the server, and oops… the other guy forgot to make the firewall change permanent (not to mention the fact the system had been running without patches for 2 years(!!)). Got to do it all over again.

A Google search for ‘MongoDB insecure by default’ shows just how big the issue was, and if the dates on the results of the search are anything to go by, still is.

I suppose on the bright side this sort of thing ensures my job security, but come on, secure your shit!

2 Likes

Yep. Various players have been moving this way for a while. SQL Server added row and column level encryption a while back.

Side channel attacks which mean that the proposed design leads to a situation that is better or worse than the current situation? In other words, is a bad implementation of FLE better or worse than not using FLE at all? Because, if it’s far better than what we have now - albeit not yet perfect - then that’s a Very Good Thing. Right?

I was wrong. Field level encryption has been part of Notes since 1993.

Given how much fun good key management isn’t, and how superb almost nobody is at it; I suspect that the clever side channels will exist but be of mostly academic interest compared to more prosaic plundering of the keys from wherever they are being stored to minimize the changes to the application design required.

1 Like

This isn’t intended as disagreement or disparagement; but I think your comment is the first time I’ve seen ‘Lotus Notes’ and ‘well implemented and easy to use’ in close proximity to one another.

It was always a “haha, you kids with your ‘magic 8 ball says “Outlook not so good”’; back in my day we had to walk both ways uphill, in the snow, and use Lotus Notes!” bogeyman to scare the punk kids.

1 Like

Did anyone else initially read that headline as “MongoDB’s plan to limit beaches…”?
