Analysis of the Unexplored Security Issues Common to All Types of NoSQL Databases

Abstract

NoSQL databases outperform the traditional RDBMS due to their faster retrieval of large volumes of data, scalability, and high performance. The need for these databases has been increasing in recent years because data collection is growing tremendously. Structured, unstructured, and semi- structured data storage is allowed in NoSQL, which is not possible in a traditional database. NoSQL needs to compensate with its security feature for its amazing functionalities of faster data access and large data storage. The main concern exists in sensitive information stored in the data. The need to protect this sensitive data is crucial for confidentiality and privacy problems. To understand the severity of preserving sensitive data, recognizing the security issues is important. These security issues, if not resolved, will cause data loss, unauthorized access, database crashes by hackers, and security breaches. This paper investigates the security issues common to the top twenty NoSQL databases of the following types: document, key-value, column, graph, object- oriented, and multi-model. The top twenty NoSQL databases studied were MongoDB, Cassandra, CouchDB, Hypertable, Redis, Riak, Neo4j, Hadoop HBase, Couchbase, MemcacheDB, RavenDB, Voldemort, Perst, HyperGraphDB, NeoDatis, MyOODB, OrientDB, Apache Drill, Amazon, and Neptune. The comparison results show that there are common security issues among the databases. SQL injection security issues were detected in eight databases. The names of the databases were MongoDB, Cassandra, CouchDB, Neo4j, Couchbase, RavenDB, OrientDB, and Apache Drill.