MongoDB database encryption

Published 2019-01-21 22:06

Question:

I'm looking to design a webapp which stores private information securely using MongoDB. I would like to encrypt the entire database but it looks like it's not supported. What routes can I take to encrypt my database?

Answer 1:

MongoDB 3.2 (released in November 2015) offers an encrypted storage engine. No need to use third-party APIs to encrypt your data before insertion or encrypt the whole drive. You can find more details here. However, note that it is offered for the Enterprise edition only.

It works with the WiredTiger storage engine, which has been included as an alternative to the default MMAPv1 storage engine since 3.0. If your database is still using MMAPv1, read this guide for the steps to convert a database from MMAPv1 to WiredTiger.

As Fernando Paz noted in the comments, the encrypted storage is only available in MongoDB Enterprise edition.
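
The encrypted storage engine described in Answer 1, as a `mongod.conf` fragment. This is an added example, not part of the original answer; the file paths and the KMIP host name are placeholder assumptions.

```yaml
# mongod.conf for MongoDB Enterprise 3.2+ (encryption requires WiredTiger).
# Start with an empty dbPath: existing unencrypted data files are not
# converted in place, so reload the data (dump/restore or initial sync).
storage:
  dbPath: /var/lib/mongodb            # assumed path
  engine: wiredTiger

security:
  enableEncryption: true
  encryptionCipherMode: AES256-CBC    # the default cipher mode

  # Option A: local key file. The master key lives on the same host as
  # the data, so treat this as a test setup, not a production one.
  # Create the key and restrict it to the mongod user:
  #   openssl rand -base64 32 > /etc/mongodb/encryption.key
  #   chmod 600 /etc/mongodb/encryption.key
  encryptionKeyFile: /etc/mongodb/encryption.key

  # Option B: external KMIP key manager. Use this instead of
  # encryptionKeyFile so the master key never sits on the database host.
  # kmip:
  #   serverName: kmip.example.internal          # placeholder host
  #   port: 5696
  #   serverCAFile: /etc/mongodb/kmip-ca.pem
  #   clientCertificateFile: /etc/mongodb/kmip-client.pem
```

Storage-engine encryption covers data files at rest only; transport encryption (TLS) and access control are configured separately.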



Answer 2:

Great question! With Big Data on the rise, securing data at rest is more important than ever!

MongoDB doesn't support this directly, but Gazzang's Encryption & Key Management Platform has been specifically tailored for MongoDB (though it works with other NoSQL database systems too). It is a commercial solution built on top of the open source eCryptfs encrypted filesystem in Linux, and it performs the encryption on the underlying filesystem in a way that security is maximized with minimal adverse effects on performance.

With customizable Access Control Lists, your unencrypted MongoDB data will only be accessible by users or processes of your choice. Check out this Big Data Security whitepaper or visit www.securingbigdata.com for more information.

Full disclosure: I'm employed by Gazzang.



Answer 3:

I would recommend that you use LUKS to encrypt your data volume. It is fairly simple to set up and manage compared to file-system-based encryption. It is also portable to various flavors of Linux and has the flexibility to let you change your password. If you need a solution out of the box, Scalegrid.io encryption support provides this feature in the MongoDB cluster creation wizard.

Disclaimer: I am the founder of Scalegrid.io.