Hi OrientDB Users,

I don't know if all of you are aware of what's happening with MongoDB
and Elasticsearch databases. Take a look at this article:
http://www.pcworld.com/article/3157417/security/after-mongodb-ransomware-groups-hit-exposed-elasticsearch-clusters.html

OrientDB's average level of security is much stronger than both MongoDB and
Elasticsearch. But nothing can keep you totally safe, especially if you are
exposing an OrientDB server directly to the Internet and/or you haven't
changed the default password in your database.

So here is a *5-minute* action plan to keep your OrientDB safer.

   1. If you aren't using the default users (admin, reader and writer),
   then delete them
   2. If you're using them, be sure you changed the password for all of
   these 3 default users: admin, reader and writer
   3. When you installed OrientDB the first time, the script asked for
   the root's password. Well, be sure you don't have something obvious like
   "root", "orientdb", "password", etc.

Now a few pieces of advice to keep OrientDB even more secure:

   1. If you can, *don't expose the OrientDB server to the Internet*
   2. Remember that starting from v2.2 you can configure stronger *SALT*
   cycles for hashed passwords. Look at:
   http://orientdb.com/docs/2.2/Database-Security.html#password-management
   3. If you're working with very sensitive data, please consider using
   Encryption at REST with the AES algorithm:
   http://orientdb.com/docs/2.2/Database-Encryption.html.

More Resources:

   - Database Security <http://orientdb.com/docs/2.2/Database-Security.html>
   - Server Security <http://orientdb.com/docs/2.2/Server-Security.html>


For any questions, don't hesitate to follow up on this message.

Thanks.

Best Regards,

Luca Garulli
Founder & CEO
OrientDB LTD
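
Added example, not part of the original message: steps 1 and 2 of the
5-minute plan written as OrientDB SQL, to be run from the console or Studio
while connected to the database with an admin-role account. It assumes that
admin is still in use and that reader and writer are not; the password value
is a placeholder.

```sql
-- Comment lines are annotations for the reader; leave them out when pasting.

-- Audit first: list every database account with its state and roles, so you
-- can see which of the default users (admin, reader, writer) still exist.
SELECT name, status, roles.name AS roles FROM OUser;

-- Step 2: a default account that is still in use gets a new password.
-- OrientDB stores the value hashed, not as typed.
-- '<new-admin-password>' is a placeholder; use a long, unique value.
UPDATE OUser SET password = '<new-admin-password>' WHERE name = 'admin';

-- Step 1: default accounts that nothing uses are deleted.
-- Assumption: no application logs in as reader or writer. Never delete the
-- account you are connected as or the only remaining admin-role account.
DELETE FROM OUser WHERE name IN ['reader', 'writer'];

-- Verify: only the accounts you meant to keep should come back.
SELECT name, status FROM OUser WHERE name IN ['admin', 'reader', 'writer'];
```

Users are stored per database, so repeat this for every database on the
server. The root password from step 3 belongs to the server, not to a
database, and is not covered by these statements.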
