Chapter 9. Keeping Oracle NoSQL Database Secure

Table of Contents

Guidelines for Securing the Configuration
Guidelines for Deploying Secure Applications
Guidelines for Securing the SSL protocol
Guidelines for using JMX securely
Guidelines for Updating Keystore Passwords
Guidelines for Updating the SSL key/certificate
Guidelines for Operating System Security

This chapter provides a set of guidelines to keep your Oracle NoSQL Database secure. To maximize the security features offered by Oracle NoSQL Database, it is imperative that the database itself be well protected.

Security guidelines provide advice about how to configure Oracle NoSQL Database to be secure by recommending security practices for operational database deployments.

Guidelines for Securing the Configuration

Follow these guidelines to keep the security configuration secure:

  • The initial security configuration should be generated on a host that is not intended for KVStore operational use, using the securityconfig create config command.

  • SNs should be deployed by running makebootconfig with the -store-security enable argument. The configured security directory from the reference host should be copied to the new Storage Node KVROOT using a secure copy mechanism prior to starting the store.

  • The security configuration should be kept in a protected location for future use.

  • Updates to the security configuration should be performed on the configuration host and copied to the operational SN hosts using a secure copy mechanism.

  • After the first user is configured but before allowing applications to use the store, you may wish to restart all SNA processes on hosts running Admin processes and then use the Admin CLI show users command to ensure that there is only the single user definition that is expected. This step validates that no other user creation occurred during the period when administrative login was not required.