OrientDB Database Security

London – January 16th, 2017

By OrientDB CEO, Luca Garulli

After ransomware groups recently wiped off about 34,000 MongoDB database and exposed about 35,000 Elastic Search databases on the Internet*(read the full article), we advise that OrientDB users double check their OrientDB server.

OrientDB’s average level of security is much stronger than both MongoDB and ElasticSearch. However, nothing can keep you totally safe, specially if you are exposing an OrientDB server directly to the Internet and/or you haven’t changed the default password in your database.

Follow this 5 minute action plan to keep your OrientDB database safe:

1. If you aren’t using the default users (admin, reader and writer), then delete them.

2. If you’re using them, be sure you changed the password for all 3 default users: admin, reader and writer.

3. When you installed OrientDB for the first time, the script asked for the root password. Make sure you didn’t set something obvious such as “root“, “orientdb“, “password“, or any other simple/obvious password.

Now a little advice to keep OrientDB even more secure:

1. If you can, don’t expose the OrientDB server to the Internet.security-box

2. Remember that starting from v2.2 you can configure stronger SALT cycles for hashed passwords. Take a look at the following page for more details: https://orientdb.com/docs/2.2/Database-Security.html#password-management.

3. If you’re working with very sensitive data, please consider using Encryption at REST with AES algorithm. For more details, take a look at the following page: http://orientdb.com/docs/2.2/Database-Encryption.html.

4. Don’t use a password at all. Since v2.2.14, OrientDB Enterprise Edition supports authentication via symmetric keys for the Java client. See https://orientdb.com/docs/2.2/Security-Symmetric-Key-Authentication.html.

5. Lastly, don’t forget OrientDB’s other advanced security features, such as Kerberos authentication, LDAP users, password validation, and auditing.

More Resources:

  1. Database Security
  2. Server Security

For any question, don’t hesitate to ask to the Community Group.

Thanks and keep your data safe!

Luca Garulli
Founder & CEO
OrientDB LTD


Jim Stock Joins OrientDB to Lead and Build the Worldwide Sales Organization

London, UK (Nov 2, 2015) – Orient Technologies, the company behind OrientDB (www.orientdb.com), the graph-document database that pioneered the multi-model concept, announced today that Jim Stock, an experienced executive in the NoSQL database market, will join the company as Vice President of Worldwide Sales.

Jim is an accomplished enterprise sales leader who brings more than 20 years of experience to Orient Technologies. Most recently, he was Senior Director at MongoDB where he led the EMEA Field Sales team during a time of unprecedented growth. Prior to that, Jim served as a Director at Marklogic where he held a variety of management roles, including running the team responsible for the largest vertical market, Media. Prior to MarkLogic, he spent 9 years in various management positions at Bertelsmann. Throughout his career, Jim has built high performance sales teams that consistently deliver strong results.

“Hiring a sales leader of Jim’s experience is an endorsement of the immense opportunity for the leading multi-model database to transform one of the largest industries,” said Luca Olivari, President, OrientDB. “Jim’s experience with managing enterprise clients and deep knowledge of the database market will be essential during this accelerated stage of our growth.”

“OrientDB, with its combination of graph and document models, represents the next stage in the evolution of the NoSQL database.” said Jim. “I was really impressed with the mission criticality of the applications that organizations are building with OrientDB, whether it’s a tier 1 e-Commerce company that built a Recommendation Engine that combines Product Catalog data to drive increased online revenue, or a leading global bank putting OrientDB at the heart of their technology refresh applications.”

With downloads exceeding 70,000 per month, more than 100 community contributors and 1000’s of production users, Orient Technologies is experiencing tremendous growth in both community and Enterprise adoption. The native multi-model database combines the connectedness of graphs, the agility of documents and the familiar SQL dialect. Fortune 500 companies, government entities and startups all use the technology to build large-scale innovative applications. Some of their clients include the United Nations, Pitney Bowes, Sky, CenturyLink and Sonatype. OrientDB recently won the prestigious 2015 Infoworld Bossie Award.

Orient Technologies is the main sponsor and the commercial supporter of OrientDB.


Unlock the full potential of your enterprise’s data