1. Security Guide
  2. Introducing Oracle NoSQL Database Security

1 Introducing Oracle NoSQL Database Security

Oracle NoSQL Database can be configured securely. In a secure configuration, network communications between NoSQL clients, utilities, and NoSQL server components are encrypted using SSL/TLS, and all processes must authenticate themselves to the components to which they connect.

There are two levels of security to be aware of. These are network security, which provides an outer layer of protection at the network level, and user authentication/authorization. Network security is configured at the file system level typically during the installation process, while user authentication/authorization is managed through NoSQL utilities.

You can use the following Oracle NoSQL Database features to configure security for your Oracle NoSQL Database installation:

  • Security Configuration Utility. Allows you to configure and add security to a new or to an existing Oracle NoSQL Database installation.

  • Authentication methods. Oracle NoSQL Database provides password authentication for users and systems. The EE version of Oracle NoSQL Database also supports Kerberos authentication.

  • Encryption. Data is encrypted on the network to prevent unauthorized access to that data.

  • External Password Storage. Oracle NoSQL Database provides two types of external password storage methods that you can manipulate (one type for CE deployments).

  • Security Policies. Oracle NoSQL Database allows you to set up behaviors in order to ensure a secure environment.

  • Role-based authorization. Oracle NoSQL Database provides predefined system roles, privileges, and user-defined roles to users. You can set desired privileges to users by role-granting.

In addition, Keeping Oracle NoSQL Database Secure provides guidelines that you should follow when securing your Oracle NoSQL Database installation.

Note:

Full Text Search and a secure Oracle NoSQL Database store are disjoint, that is, if Oracle NoSQL Database is configured as a secure store, Full Text Search should be disabled. On the other hand, if Full Text Search is enabled (that is, an external Elasticsearch cluster is registered) in a nonsecure store, users cannot reconfigure the nonsecure store to a secure store, unless Full Text Search is disabled before reconfiguration. See Security in Full Text Search in the Integrations Guide.