Tag: security
Skipping default bucket creation
Some days ago I made the following search: “databases unprotected”. It is really incredible the number of databases deployed without authentication. Most of them are just test databases published on the internet, but others are exposing sensitive data. (Image Licensed through...
Manuel Hurtado, Solutions Engineer, Couchbase
August 22, 2016
Configuring IPsec for a Couchbase Cluster
Introduction Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by...
Tim Wong
July 15, 2016
Securing Couchbase Server using Let’s Encrypt x.509 Certificates
Summary Securing data and access to data for application data is an important step in securing your environment for client applications and database protection in any sized environment. One of the simplest methods to secure data is the access path...
Austin Gonyou, Solutions Engineer, Couchbase
June 22, 2016
Watching SCRAM authentication in Java
SCRAM authentication is one of the new features in version 4.5. Check this blog entry for an introduction on SCRAM in Couchbase. In this article we will cover how to monitor SCRAM handshake from Java. First, you do not have...
The Couchbase Team
May 27, 2016
Improved security in Couchbase 4.5: SCRAM-SHA
Security is important to us, here at Couchbase. I'd like to draw your attention to a new security feature in Couchbase 4.5 that might otherwise go unnoticed: SCRAM-SHA (pronounced like 'scram-shaw'). (Scram Image Licensed through Create Commons via...
Matthew Groves
May 25, 2016
Hashing Passwords Stored in Couchbase Server with Node.js
Why You Should Hash All passwords should be hashed before entering a database because you have to consider the scenario where some malicious user attempts to gain entry into your data. Passwords are sensitive pieces of information that you don’t...
Nic Raboy, Developer Advocate, Couchbase
January 3, 2016
The Security Tipping Point
We are really excited about our partnership with Vormetric and welcome the below guest blog post by Michael Rothschild from Vormetric. I remember in the heady days of the dot.com boom where people were just migrating off their 56.6K...
Don Pinto, Principal Product Manager, Couchbase
December 16, 2015
Guest post from CenterEdge Software: Couchbase and N1QL Security
Note: this is a guest post by Brant Burnett of CenterEdge Software, a company which developes POS and specialty software for the amusement park, leisure and entertainment industries. Overview N1QL is an incredibly powerful new tool which will help to...
Jeff Morris, Senior Software Engineer, Couchbase
September 29, 2015
Heartbleed Bug and Couchbase Server
Security should be at the heart of any enterprise product and we take security of our products seriously. Recently, a serious vulnerability (a.k.a Heartbleed) was discovered in the OpenSSL library and because Couchbase Server has some cryptographic components, we wanted...
Don Pinto, Principal Product Manager, Couchbase
December 17, 2014
IPTables Firewall Settings for Couchbase DB and Couchbase Mobile Sync_gateway
It is all too common for people to just turn off IPtables instead of actually figuring out what ports to open. I have to admit I have done it myself. Well we need to stop that. IPtables is our friend, really....
Kirk Kirkconnell, Senior Solutions Engineer, Couchbase
December 16, 2014
Poodle bites and ends SSL3
SSL version 3 is no longer secure. Recently, a new vulnerability in the SSL v3 protocol called the ‘Poodle attack’ was discovered by folks at Google. At Couchbase, since we take the security of our products seriously, we wanted you...
Don Pinto, Principal Product Manager, Couchbase
December 16, 2014