From the course: CISSP Cert Prep (2021): 3 Security Architecture and Engineering

NoSQL databases

- [Narrator] Most databases that you use are relational databases that rely upon the Structured Query Language, or SQL, to store, retrieve, and modify data from tables. SQL provides quite a bit of power and flexibility, but that power and flexibility comes with overhead in terms of processing power and storage and retrieval time. There's a relatively new type of database called NoSQL databases that leaves behind much of that overhead by implementing an extremely simple format known as a key-value store. These databases don't have the defined record formats of SQL databases. They're basically a giant filing cabinet that stores values using a key. Values can later be retrieved from the database by referencing that key. NoSQL databases are very popular for web applications because of the speed.

Now, as I mentioned, NoSQL databases are a key-value store. That means quite simply that the database only has two elements: a key that is used to identify and locate data in the database, and a value that is associated with that key. The value is the real data that we're storing in the database for later use. In a simple key-value store, you might have one value for each key. For example, this NoSQL table uses numeric keys and then has a single value associated with each key. Now, that's not a hard limit. However, you can have many different values associated with each key, and as I mentioned earlier, the values can have different structures for different keys.

Let's take a look at an example, using the DynamoDB NoSQL database available from Amazon Web Services. Here I am at the DynamoDB dashboard. I'm going to go ahead and create a brand new table for use in this example. We're going to put some phone numbers and maybe some other information in this table. I'm going to go ahead and call it "phone numbers" and then I have to give it a primary key. I'm going to choose to use a string for my primary key. That's already selected over here, and I'm going to give it the name "name". We're going to put people's names as the primary key in our database. Then I go ahead and click the create button and, as you can see, the table is now being created. It's named "phone numbers" and we're going to go ahead and start adding some information to this table.

Now that the table is created, I'm going to click over here to the items tab. There's not anything in the table right now. If there were, they would appear down here: different keys and values. I'm going to go ahead and click create item, and we have this create item interface, and then you see we have keys and values. So here's the first key, "name". I'm going to go ahead and give this the value "Mike", and then in this item I'm also going to append another string record. I'm going to create something called "phone number" and then enter the value (212) 555-1212 and click save. That'll go ahead and save to the NoSQL database in DynamoDB, and as you can see I now have one item down here named Mike, phone number. There's the phone number that I created. That's been stored in my NoSQL database.

I can go ahead and repeat this process. Let's create another one called "Renee" and then we'll append another value. Notice it's asking me to give the specification for the other information in the item again, because it doesn't have to follow the same format. I'm going to go ahead and do that (indistinct). I'm going to say "phone number" and then we'll put (516) 555-1212 and click save, and now we have both of those items in the database. Let's go ahead and do just one more. This one, we'll give it the name "Bob" and append a string, but instead of a phone number this time I'm going to write "zip code" and put the zip code 11579 and click save. You can see this item got stored with the name Bob and the zip code 111579, and I didn't specify a phone number when I created this item, so there's nothing there. There's also no zip code for the first two items that I created, because that wasn't present in those records.

This is the flexibility of the NoSQL database. There is no predefined format, and every record can just follow its own format based upon whatever input the user or application supplies.

Now let's go ahead and click over here to the access control tab and start to get an idea about how security works. NoSQL databases do provide security options and provide the value to allow different users to log in and have different permissions. In DynamoDB, you can see the first thing I can choose here is identity provider. I have the choice of choosing Facebook, Google, or Amazon authentication. I'm going to choose Login with Amazon, and then I can choose different actions that I want to give permissions to on that database. I'm just going to click select all for now. I'll explain these more in just a moment. Then down here I could choose if I wanted to allow access to different attributes: I could change this "all attributes" to "specific attributes" and then change the attributes that people could access through this identity provider. Then I'll just click create policy, and the tool creates the policy that I could apply to the database, allowing that permission. So we'll talk more about what these access controls mean in just a moment.

We need to be careful with NoSQL database security because it works differently than a relational database. As you saw, you can create policies that limit users to accessing certain attributes of the database. You'll also need to set the permissions for different database actions. In the DynamoDB NoSQL database we have the following actions. First, there's the "all" item action with an asterisk that allows full access to the database. GetItem permission allows the retrieval of a single item from the database, while BatchGetItem allows the retrieval of many items simultaneously. PutItem allows writing a single item to the database, while BatchWriteItems allows writing many items simultaneously. The DeleteItem permission allows removing items from the database, while UpdateItem allows modification of key-value pairs, and finally Query allows you to search for items in the database.

Now, that's a very quick introduction to the security controls available in NoSQL databases, looking specifically at DynamoDB. There are many other NoSQL databases, such as MongoDB, CouchDB, and Cassandra, and they have similar security issues.
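The access control tab the narrator walks through generates an IAM policy document. As an added example (not from the course and not the policy the console produced in the video), here is the least-privilege version of that policy for the demonstrated table: only the three read actions (GetItem, BatchGetItem, Query), only one table, and only the "name" and "phone number" attributes. The "all" entry with the asterisk, or clicking "select all", would instead grant every action including PutItem, UpdateItem and DeleteItem. Assumptions: the table is named `PhoneNumbers` (DynamoDB table names cannot contain spaces, so the spoken name "phone numbers" is rendered that way here), `REGION` and `ACCOUNT-ID` are placeholders for the account that owns the table, and the attribute names are the ones typed during the demo.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlyNameAndPhoneNumberOnAssumedPhoneNumbersTable",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:BatchGetItem",
        "dynamodb:Query"
      ],
      "Resource": "arn:aws:dynamodb:REGION:ACCOUNT-ID:table/PhoneNumbers",
      "Condition": {
        "ForAllValues:StringEquals": {
          "dynamodb:Attributes": [
            "name",
            "phone number"
          ]
        },
        "StringEqualsIfExists": {
          "dynamodb:Select": "SPECIFIC_ATTRIBUTES"
        }
      }
    }
  ]
}
```

Two points matter when reviewing a policy like this. First, because the table has no schema, the attribute restriction is enforced purely by name: Bob's "zip code" attribute is invisible to a caller under this policy even though the table never declared it, and any attribute added later stays hidden until the list is updated. Second, the `dynamodb:Attributes` condition alone is not enough. A GetItem or Query request that names no projection returns every attribute of the item, so the `dynamodb:Select` condition forces callers to ask for specific attributes; without it the "specific attributes" choice in the console does not fence off the data it appears to. If write actions were added, the same pattern would need a `dynamodb:ReturnValues` condition, because a write can echo back the old item.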
