back to article Microsoft makes cheeky bid for MongoDB devs on Azure security grounds

Microsoft is attempting to capitalise on a recent spate of ransom attacks on unsecured MongoDB instances by encouraging developers to switch to working with its own Azure-based DocumentDB system. The free version of MongoDB ships with the default TCP port 27017, and with so many administrators failing to run port to change it …

  1. Anonymous Coward

    "... with so many administrators failing to run port to change it ..."

    Isn't it a question of how many MongoDB database admins are suitable for the job?

    1. Brian Miller

      Change the port, put it behind firewall rules, and, uh, passwords??

  2. Charlie Clark Silver badge


    I think asking the next door neighbour's kids to look after your data is safer than using Mongo DB. But as hipsters all we care about is: is it JSON and webscale?

    The end of the world isn't far off.

    1. a_yank_lurker

      Re: Meh

      The problem is not taking security seriously enough to properly design and implement your system. MongoDB's defaults do not help but they are easily reconfigured if you bother to learn what you are doing. This is not different for any other db system; learn how to secure it and learn how properly sanitize data and most of the problems disappear.

      Also, remember it is Slurp making the pitch who is a notorious data guzzler and also prone to security theater.

      1. Charlie Clark Silver badge

        Re: Meh

        The problem is not taking security seriously enough to properly design and implement your system.

        As if that were the only problem with the DB. But, hey, now you can connect the browser client directly with the server DB for better performance. If you're worried about security, you'll never be a hipster!

    2. Tim99 Silver badge

      Re: Meh

      Have an up vote for the webscale reference. For anybody who has not seen it (NSFW): YouTube Link

  3. Gunboat Diplomat


    Yes, the auth approach in mongo is a pain in the arse, but why change the port? Just don't open it up to the whole world. If you allow connections from anywhere to your DB you're going to suffer regardless of tech.

  4. R3sistance

    I have to admit to having never liking the mongoDB approach... it seems so ill conceived to begin with. It is like "here is our great but should never be implemented ideas, implemented by half-brain dead monkeys", the thing I doubt is that Microsoft's DocumentDB is going to be any better a concept, tho will probably at least be more secure.

  5. Anonymous Coward
    Anonymous Coward

    No contest

    MongoDB might be insecure with its default settings, but there is no comparison to DocumentDB at present. Just ask anyone unlucky enough to have had to use DocumentDB for an extended period of time (case in point: me).

    - No backup/restore

    - Can't rename collections

    - Can't rename databases

    - No proper tooling, only way to interact with DocumentDB is through Microsoft's nightmarishly designed Azure Portal

    - Incredibly expensive (and billed per collection!)

    Recently, they added support for aggregate functions like SUM and COUNT, announced with great fanfare. Shame you need to pay them an obscene amount of money just to get decent throughput on aggregates though: I've seen 200 resource units being used in a single COUNT query, compared to 10-50 resource units for normal SELECT queries (which by the way are themselves slower if you select specific fields, rather than all fields). In addition, DocumentDB seems to give the wrong result if you do a COUNT of a whole collection when it gets larger than a certain size, and the result varies each time. This leads me to wonder what DocumentDB's internals are like!

    Maybe come back in 5 years when DocumentDB is out of beta.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like