Hi @all,
in the documentation I read, that REST encryption is only available at the commercial one.
As far as I understand this, that this will only affect encryption in the DB itself. But the connection between the client and the server can also be secured via tls with the community version right?
Thanks for any clarification, because the documentation are not so 100% clear.
Welcome to the MongoDB Community @MDC_MDC!
The Encrypted Storage Engine which provides native encryption at rest is a feature of MongoDB Enterprise edition. Encryption in this context is referring to the data files that are written to disk: without the encryption key, someone with direct access to encrypted data files (for example, via a backup copy) will not be able to read any of the original data. Encrypting communication over the network is a separate security measure (see the MongoDB Security Checklist for an overview).
However, there are disk/volume alternatives you could use with MongoDB Community Edition. If you happen to be using storage services via a major cloud provider (AWS, GCP, Azure), they also have options for encryption of volumes at rest (for example: Amazon EBS Encryption). Encryption at the disk or volume level prevents access to data if someone has physical access but does not have the encryption key. If someone has access to a copy of the data files from an encrypted volume, the contents of those files are not encrypted.
Yes, TLS/SSL encryption is a common feature for all modern MongoDB server editions.
Overview from the page to Configure mongod and mongos for TLS/SSL:
MongoDB can use any valid TLS/SSL certificate issued by a certificate authority, or a self-signed certificate. If you use a self-signed certificate, although the communications channel will be encrypted to prevent eavesdropping on the connection, there will be no validation of server identity. This leaves you vulnerable to a man-in-the-middle attack. Using a certificate signed by a trusted certificate authority will permit MongoDB drivers to verify the server’s identity.
Regards,
Stennie
This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.