Search the Community
Showing results for tags 'mongodb'.
steven36 posted a topic in Security & Privacy News

Data breaches and exposures have been so rampant over the last few years that it's difficult to even keep track at this point, much less step back to mull a solution. But, perhaps out of necessity, researchers from the database giant MongoDB have spent the last two years developing a new database encryption scheme aimed squarely at reducing these damaging incidents. Their secret weapon? Radical simplicity.

The idea of encrypting databases in various ways isn't new. But in practice there have been limitations on where and when data was actually protected. Databases are often encrypted "server-side," meaning that random strangers can't just query it for information, but credentialed users can access some or all of the information in it. But that also means that anyone with full access to the data—like the database operator and administrators—can decrypt and access everything. This puts the data at risk to both outside hackers wielding stolen credentials, and rogue insiders who have been granted more access than they need.

Other types of encryption schemes, though, typically add both complexity and cost, which is why it's taken so long for companies like MongoDB to offer something that's both usable and secure. And given that companies as large as Adobe and Google rely on MongoDB database architecture, it's a solution that could have outsized impact.

"One reason that no one did this before was because they didn’t perceive customer demand the way that it’s easy to perceive today," says Davi Ottenheimer, MongoDB's vice president of trust and digital ethics. All those high-profile database breaches have finally started to make companies aware of what solid encryption is worth.

MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a "client-side" encryption scheme, databases utilizing Field Level Encryption will not only require a system login, but will additionally require specific keys to process and decrypt specific chunks of data locally on a user's device as needed. That means MongoDB itself and cloud providers won't be able to access customer data, and a database's administrators or remote managers don't need to have access to everything either.

For regular users, not much will be visibly different. If their credentials are stolen and they aren't using multi-factor authentication, an attacker will still be able to access everything the victim could. But the new feature is meant to eliminate single points of failure. With Field Level encryption in place, a hacker who steals an administrative username and password, or finds a software vulnerability that gives them system access, still won't be able to use these holes to access readable data.

The focus, Ottenheimer says, was on trying to offer that security in a form customers would actually adopt—a classic cybersecurity problem. "We really focused on making this easy for developers to put into their path to release," he says. "We want them to be able to release new products and code as quickly as possible."

Field Level Encryption is built on well-tested, public encryption standards, and is open source, so it can be extensively vetted by the cryptoanalysis community. That auditing process has already begun, but will expand significantly during the tool's beta testing phase, set to start next week.

So far the early analysis has been promising, says Seny Kamara, a cryptographer at Brown University and cofounder of the data security firm Aroki Systems, who has been assessing Field Level Encryption. Kamara says that MongoDB has already made changes based on his and his team's feedback.

"This cryptographic technology is new and like much of cryptography there are tradeoffs between efficiency and security," he says. "MongoDB’s effort to involve the cryptography community is unusual and welcomed. Being proactive about getting new cryptography analyzed is definitely the right way to do things."

As with any defense mechanism, Field Level Encryption does come with some limitations and caveats. Most importantly, MongoDB databases are what's called "NoSQL" databases, meaning they can accommodate all sorts of unstructured data and fan out across many servers as they grow. And while MongoDB offers the most popular type of NoSQL database, so-called "SQL" databases, or relational databases, are more common overall. This means that Field Level Encryption, or something like it, won't be coming to every database anytime soon. Additionally, the new feature creates challenges to managing all of the different system encryption keys across cloud providers, and also makes it more complicated for the database system to perform certain types of information sorting and querying, since data is scrambled and unreadable.

Still, given MongoDB's reach, Field Level Encryption is an important step—one the company hopes other database makers will now be motivated to take, too. And Kenn White, MongoDB's product security lead, says that he thinks the company will be able to overcome more and more of these limitations as it works with beta testers and beyond.

Above all, the goal of the new defense, he says, is to limit access to the data as much as possible. He likens the feature to putting valuables in a safe, and then placing the safe in a locked storage unit. Even if someone pressures the storage provider to cut the lock, they'll still have to contend with your safe. Nothing can ever be a total security panacea, though.

"If you put a pair of bolt cutters and a sticky note with the safe combo on the ground outside your unit then, yeah, I got nothing," White says. "But if you have confidential workloads, now you don’t need to trust MongoDB. If you have a backup that's sitting in a cloud bucket—no one can read the encrypted fields. You can run highly sensitive workloads and have protection against an insider attack or an internal breach. That's a much better position to be in."

Source

svniceguy posted a topic in Software Updates

PremiumSoft Navicat Premium 12.1.19 is now out.

What's new: https://www.navicat.com/en/products/navicat-premium-release-note

May 23 2019
Navicat Premium (Windows) version 12.1.19

Bug-fixes:
Text editor did not display the full text in some cases.
Data Synchronization inserted values into Generated Columns.
Minor bug fixes and improvements.

Navicat Premium Trial (32 bit) - https://www.navicat.com/download/direct-download?product=navicat_premium_en_x86.exe&location=1
Navicat Premium Trial (64 bit) - https://www.navicat.com/download/direct-download?product=navicat_premium_en_x64.exe&location=1

PremiumSoft Navicat All Products Multi Keygen+Patch
DeltaFox keygen (official releases):
Site: https://github.com
Sharecode: /Deltafox79/Navicat_Keygen/releases

NOTE: Previous updates required only a patch (from the medicine). For this version I had to patch and then gen a new activation code, et al. YMMV

Cheers........

svniceguy posted a topic in Software Updates

PremiumSoft Navicat Premium 12.1.18 is now out.

What's new: https://www.navicat.com/en/products/navicat-premium-release-note

Apr 17 2019
Navicat Premium (Windows) version 12.1.18

Bug-fixes:
1. Error occurred when connecting to MySQL 4.0.
2. Unable to execute SQL files that contain "NaN" values.
3. Primary Key checkbox was deselected when tabbing to the next field in Table Designer.
4. "Unknown Internal" error occurred when importing data.
5. The DDL of PostgreSQL tables with "tstzrange" data type was incorrect.
6. Table Designer cannot show the definition of MySQL 5.0 triggers.
7. Unable to set the precision of "datetime2" data type to 0 in Table Designer.
8. The deployment scripts generated incorrect default value in Structure Synchronization.
9. "Access Violation" error occurred after editing the data pipeline in Report.
10. "Unknown Internal" error occurred when using Automation.
11. Minor bug fixes and improvements.

Navicat Premium (32 bit) - http://download3.navicat.com/download/navicat121_premium_en_x86.exe
Navicat Premium (64 bit) - http://download3.navicat.com/download/navicat121_premium_en_x64.exe

PremiumSoft Navicat All Products Multi Keygen+Patch
DeltaFox keygen (official releases):
Site: https://github.com
Sharecode: /Deltafox79/Navicat_Keygen/releases

(Thanks to @H4rDw4rE for the update to DeltaFox's "medicine". I was able to activate using V4.6, FYI)

NOTE: Previous updates required only a patch (from the medicine). For this version I had to patch and then gen a new activation code, et al. YMMV

Cheers........

svniceguy posted a topic in Software Updates

DBeaver Universal Database Client Enterprise Edition 7.0 (Upgrade from 6.3)

DBeaver is a universal database management tool for everyone who needs to work with data in a professional way. With DBeaver you are able to manipulate your data like in a regular spreadsheet, create analytical reports based on records from different data storages, export information in an appropriate format. For advanced database users DBeaver suggests a powerful SQL-editor, plenty of administration features, abilities of data and schema migration, monitoring database connection sessions, and a lot more. Out of the box DBeaver supports more than 80 databases.

Having usability as its main goal, DBeaver offers:
Carefully designed and implemented User Interface
Support of Cloud datasources
Support for Enterprise security standard
Capability to work with various extensions for integration with Excel, Git and others.
Great number of features
Multiplatform support

What's new in V7.0

Downloads for Windows, Linux and macOS:
DBeaver Enterprise Edition 7.0 download
NOTE: If you are unable to activate after you have used the "installer" (.exe) version, uninstall it and reinstall using the contents of the ".zip" file version.
DBeaver Community Edition 7.0 download (free activation)

DBeaver activation: (Note: Activation zip file updated to include English instructions)
Site: https://www.upload.ee
Sharecode: /files/11259013/dbeaver-agent-latest__191030_.zip.html
(Tested for V6.3 and V7.0 for Windows 10 and Fedora 31/Linux)