Tuesday, 31 January 2017

Tips to Improve MongoDB Security

MongoDB provides a number of constructs to improve the security of your data. The security of your data in MongoDB is paramount, so it is important to leverage these constructs to reduce your attack surface. Here are 10 tips you can use to improve the security of your MongoDB servers on premises and in the cloud.
1. Enable auth - Even if you have deployed your MongoDB servers in a trusted network, it is good security practice to enable auth. It provides "defense in depth" if your network is compromised. Edit your mongod configuration file to enable auth:
auth = true
2. Don't expose your production db to the internet - Restricting physical access to your database is an important aspect of security. If it is not necessary, do not expose your production database to the internet. In case of any compromise, if an attacker cannot physically connect to your MongoDB server, your data is that much more secure. If you are on AWS you can place your databases in a VPC private subnet. Read the blog post Deploying MongoDB in a VPC for more information.
3. Use firewalls - Use firewalls to restrict which other entities are allowed to connect to your MongoDB server. Best practice is to allow only your application servers access to the database. If you are hosted on AWS, use 'Security groups' to restrict access. If you are hosted on a provider that does not support firewall constructs, you can easily configure it yourself using 'iptables'. Refer to the MongoDB documentation to configure iptables for your scenario.
4. Use key files to set up the replica set - Specify a shared key file to enable communication between your MongoDB instances in a replica set. To enable this, add the keyFile parameter to the config file as below. The contents of the file need to be the same on all the machines.
keyFile = /srv/mongodb/keyfile
5. Disable HTTP status interface - By default MongoDB provides an HTTP interface on port 28017 which serves the "home" status page. This interface is not recommended for production use and is best disabled. Use the "nohttpinterface" configuration setting to disable the HTTP interface.
nohttpinterface = true
6. Disable the REST interface - The MongoDB REST interface is not recommended for production. It does not support any authentication. It is turned off by default. If you have turned it on using the "rest" configuration option, you should turn it off for production systems.
rest = false
7. Configure bind_ip - If your system has multiple network interfaces, you can use the "bind_ip" option to restrict your MongoDB server to listen only on the interfaces that are relevant. By default MongoDB will bind to all the interfaces.
bind_ip = 10.10.0.25,10.10.0.26
8. Enable SSL - If you don't use SSL, your data travels between your Mongo client and Mongo server unencrypted and is susceptible to eavesdropping, tampering and "man in the middle" attacks. This is especially important if you are connecting to your MongoDB server over insecure networks like the internet.
9. Role based authorization - MongoDB supports role based authorization to give you fine grained control over the actions that can be performed by each user. Use role based constructs to restrict access instead of making all your users admins. Refer to the roles documentation for more details.
10. Enterprise MongoDB & Kerberos - Enterprise MongoDB integrates with Kerberos for authentication. Refer to the MongoDB documentation for more details. Username/password systems are inherently insecure - use Kerberos based authentication if possible.
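The configuration checks from tips 1, 4, 5, 6 and 7, as an added example that is not part of the original post: a small Python audit of a legacy INI-style mongod configuration file. The option names are the ones shown above plus replSet (the legacy replica-set option, assumed here to mark a replica-set member); both sample configurations are constructed.

```python
# Added example (not from the original post): audit a legacy INI-style mongod config.
TRUTHY = {"true", "1", "yes"}

def parse_conf(text):
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_conf(text)
    is_on = lambda key: conf.get(key, "").lower() in TRUTHY
    findings = []
    if not is_on("auth"):
        findings.append("tip 1: auth is not enabled")
    # Assumption: a replSet line marks this node as a replica-set member.
    if "replSet" in conf and not conf.get("keyFile"):
        findings.append("tip 4: replica set configured without keyFile")
    if not is_on("nohttpinterface"):
        findings.append("tip 5: HTTP status interface not disabled")
    if is_on("rest"):
        findings.append("tip 6: REST interface is enabled")
    addrs = [a.strip() for a in conf.get("bind_ip", "").split(",") if a.strip()]
    if not addrs or "0.0.0.0" in addrs:
        findings.append("tip 7: mongod listens on all interfaces")
    return findings

# Both samples below are constructed for this example.
WEAK = """
replSet = rs0
rest = true
bind_ip = 0.0.0.0
"""

HARDENED = """
auth = true
replSet = rs0
keyFile = /srv/mongodb/keyfile
nohttpinterface = true
rest = false
bind_ip = 10.10.0.25,10.10.0.26
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```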

Tuesday, 26 April 2016

10 Advantages of PHP over other languages

There are several different scripting languages developers have to choose from when building applications such as ASP, JSP, Perl, CGI, and PHP. The main debate recently has been between PHP and ASPX, but it's hard to argue against the popularity of PHP. It's used for WordPress development and even Facebook utilizes PHP for their site, so PHP comes with a certain level of credibility and popularity.
Even though most developers try to learn as many languages as possible in order to build their skills, knowledge of PHP is one of the most in-demand skills that developers should have. Aside from the fact that knowing how to use PHP will open new financial opportunities, here are some of the top reasons developers should choose PHP scripting language.
1: Simple and easy to learn
PHP scripting is definitely one of the easiest, if not the easiest scripting language to learn and grasp for developers. This is partially due to the similarities PHP syntax has with C and Java. Even if the only knowledge of development that you have is with HTML, picking up PHP is still fairly easy. For developers just starting out, PHP is often the first scripting language they learn because it's clear and easy to understand.
2: Support
The last thing you want as a developer is to be "stuck" with a coding issue and not have anywhere to go for help or answers. Since PHP is so popular and widely used, finding help or documentation for PHP online is extremely easy. The best part is the support is free through forums, PDFs, blogs, and social media. The fact that it's open source also contributes to the large support community of PHP and LAMP (Linux, Apache, MySQL, and PHP) in general. PHP has the largest user base of any scripting language.
3: Freedom
When comparing PHP to a language such as ASPX, the level of freedom you get is far superior. As mentioned in reason #2, PHP is open source. You can use any text editor in order to code PHP such as Notepad++, jEdit, Emacs, Bluefish, or even just Notepad if you feel inclined. If you want to develop applications with ASPX, you're going to be limited to Microsoft Visual Studio. Restrictions are never a good thing, especially with coding.
PHP also isn't OS specific. You can run PHP on:
– Linux
– Mac OSX
– Windows
– UNIX
4: Free
There are no costs associated with using PHP, including updates. Keeping costs down is a goal of any business and developers as well. So the fact that you can code programs with PHP for free is a huge benefit that you won't get with JSP, ASP, or other scripting languages that require paid hosting. There are no licenses, restrictions, or royalty fees involved at all. PHP is 100% free for anyone to use.
5: Integration
PHP is used for so many web applications and actually powers over 30% of the web. Systems such as MongoDB, Memcache, and Pusher all integrate with PHP. Almost any industry you can think of uses PHP applications in some fashion including banks, hospitals, government, and large corporations.
6: Frameworks
Almost every benefit of PHP seems to go back to the fact that the community is so large. The number of PHP frameworks available is even further proof of how strong the PHP community is. Whether you're looking for database access libraries, session management, or code reuse, you will have no problem finding PHP frameworks to give you a helping hand. Some popular PHP frameworks include:
– Aiki
– Symfony
– Zend
– Silex
– Slim
7: Easier to fix problems
When it comes to web application development, you're bound to run into issues and come across the occasional "fail". But the benefit you get with PHP is that problems aren't as difficult to find and fix as they are with other languages. This is because with each request, PHP cleans up and starts over. So an issue with one request will not necessarily disrupt another.
8: Scalability
In the world of IT, the word scalability is like gold. Whether you're dealing with databases, hosting, or in this case, programming, scalability is never a bad thing. Due to the way PHP is built, you can easily increase your cluster size by adding more servers as your projects grow.
9: Object Oriented
PHP actually has the ability to call Java and Windows COM objects. In addition to this, you can create custom classes. Other classes can actually borrow from those custom classes as well which extends the capabilities of PHP even further.
10: Speed
Since PHP does not use a lot of a system's resources in order to run, it operates much faster than other scripting languages. Hosting PHP is also very easy and a lot of hosts provide support for PHP. Even when used with other software, PHP still retains speed without slowing down other processes. Being that PHP is a mature language, it is also fairly stable because all the kinks have been worked out over the years.

Monday, 27 July 2015

To use MongoDB with PHP you need the MongoDB PHP driver. Download the driver from the Download PHP Driver link, making sure to download the latest release. Now unzip the archive, put php_mongo.dll in your PHP extension directory ("ext" by default) and add the following line to your php.ini file:
extension=php_mongo.dll

Make a connection and Select a database

To make a connection, you need to specify the database name. If the database doesn't exist, MongoDB creates it automatically.
The code snippet to connect to the database is as follows:
<?php
   // connect to mongodb
   $m = new MongoClient();
   echo "Connection to database successfully\n";
   // select a database
   $db = $m->mydb;
   echo "Database mydb selected\n";
?>
When the program is executed, it will produce the following result:
Connection to database successfully
Database mydb selected

Create a collection

The code snippet to create a collection is as follows:
<?php
   // connect to mongodb
   $m = new MongoClient();
   echo "Connection to database successfully\n";
   // select a database
   $db = $m->mydb;
   echo "Database mydb selected\n";
   // create the collection explicitly
   $collection = $db->createCollection("mycol");
   echo "Collection created successfully\n";
?>
When the program is executed, it will produce the following result:
Connection to database successfully
Database mydb selected
Collection created successfully

Insert a document

To insert a document into MongoDB, the insert() method is used.
The code snippet to insert a document:
<?php
   // connect to mongodb
   $m = new MongoClient();
   echo "Connection to database successfully\n";
   // select a database
   $db = $m->mydb;
   echo "Database mydb selected\n";
   $collection = $db->mycol;
   echo "Collection selected successfully\n";
   // every field is a key => value pair
   $document = array( 
      "title" => "MongoDB", 
      "description" => "database", 
      "likes" => 100,
      "url" => "http://www.tutorialspoint.com/mongodb/",
      "by" => "tutorials point"
   );
   $collection->insert($document);
   echo "Document inserted successfully\n";
?>
When the program is executed, it will produce the following result:
Connection to database successfully
Database mydb selected
Collection selected successfully
Document inserted successfully

Find all documents

To select all documents from the collection, the find() method is used.
The code snippet to select all documents:
<?php
   // connect to mongodb
   $m = new MongoClient();
   echo "Connection to database successfully\n";
   // select a database
   $db = $m->mydb;
   echo "Database mydb selected\n";
   $collection = $db->mycol;
   echo "Collection selected successfully\n";

   $cursor = $collection->find();
   // iterate cursor to display title of documents
   foreach ($cursor as $document) {
      echo $document["title"] . "\n";
   }
?>
When the program is executed, it will produce the following result:
Connection to database successfully
Database mydb selected
Collection selected successfully
MongoDB

Update a document

To update a document, you need to use the update() method.
In the example below we will update the title of the inserted document to MongoDB Tutorial. The code snippet to update a document:
<?php
   // connect to mongodb
   $m = new MongoClient();
   echo "Connection to database successfully\n";
   // select a database
   $db = $m->mydb;
   echo "Database mydb selected\n";
   $collection = $db->mycol;
   echo "Collection selected successfully\n";

   // now update the document
   $collection->update(array("title"=>"MongoDB"), array('$set'=>array("title"=>"MongoDB Tutorial")));
   echo "Document updated successfully\n";
   // now display the updated document
   $cursor = $collection->find();
   // iterate cursor to display title of documents
   echo "Updated document\n";
   foreach ($cursor as $document) {
      echo $document["title"] . "\n";
   }
?>
When the program is executed, it will produce the following result:
Connection to database successfully
Database mydb selected
Collection selected successfully
Document updated successfully
Updated document
MongoDB Tutorial

Delete a document

To delete a document, you need to use the remove() method.
In the example below we will remove the documents that have the title MongoDB Tutorial. The code snippet to delete a document:
<?php
   // connect to mongodb
   $m = new MongoClient();
   echo "Connection to database successfully\n";
   // select a database
   $db = $m->mydb;
   echo "Database mydb selected\n";
   $collection = $db->mycol;
   echo "Collection selected successfully\n";
   
   // now remove the document; justOne => false removes every match
   $collection->remove(array("title"=>"MongoDB Tutorial"), array("justOne" => false));
   echo "Documents deleted successfully\n";
   
   // now display the available documents
   $cursor = $collection->find();
   // iterate cursor to display titles of the remaining documents
   foreach ($cursor as $document) {
      echo $document["title"] . "\n";
   }
?>
When the program is executed, it will produce the following result:
Connection to database successfully
Database mydb selected
Collection selected successfully
Documents deleted successfully
In the above example the second parameter is an options array; its justOne field is a boolean, and false removes every matching document.
The remaining MongoDB methods findOne(), save(), limit(), skip(), sort() etc. work the same way as explained in the above tutorial.