by mkhpalm 3835 days ago
Why is everybody immediately making these types of diversion responses regarding relational datastores to MongoDB breaches? Mongo has popularity and 2 fixable issues that make the exposure numbers outweigh those of every other datastore right now.

1. There is no password prompt during installation. This was the same problem many relational databases had back in the day with default user credentials. Today, I don't know of a single relational datastore that comes with default credentials during installation. (ignoring things that shouldn't go to production like homebrew) Individually, they all said it was a "security threat" and did something about it.

2. Things like MMS or other offerings from MongoDB itself expect you to expose your nodes externally so they can manage things for you. This can easily be made secure... but it's contradictory in nature. It suggests to somebody who probably doesn't know what they're doing on the IT or DevOps fronts to do something more easily dangerous than not... just so they can sell their vendor services to you. It's a recipe for disaster but it's also easily fixable with a few design changes on their side.
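To make the two issues above concrete, here is an added example (not from the thread or from MongoDB's own docs): a mongod.conf in the YAML format mongod reads, first with the exposed settings the comment describes, then a hardened equivalent. The `net.bindIp` and `security.authorization` keys are real mongod options; the host and port values are constructed for illustration.

```yaml
# --- Exposed: what a default install plus "manage it from outside" amounts to ---
# Listening on every interface with no authorization means anyone who can reach
# port 27017 gets full read/write access with no credentials at all.
net:
  bindIp: 0.0.0.0        # listens on all interfaces, including the public one
  port: 27017
# security.authorization is absent, so it falls back to "disabled": no login required

# --- Hardened: same server, reachable only where it needs to be, with auth on ---
net:
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the private interface only (constructed addresses)
  port: 27017
security:
  authorization: enabled       # every client must authenticate as a created user
```

With `authorization: enabled`, an admin user still has to be created first (via the localhost exception or before enabling auth), which is exactly the "password prompt" step the comment says the installer skips. Management tooling that needs remote reach should then be placed on the private interface or behind a VPN rather than on a public bind.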


I guess you could read my post as "others aren't better than MongoDB", but that wasn't my intention. I merely remembered the WEF anecdote and thought I'd mention it here (although it's unfortunate I didn't find an English source for it).

MongoDB is repeating the same mistakes others made 15 years ago.

Apologies, it wasn't really directed at you. I'm sure you've seen all the other comments related to this type of news.

Sounds like we both agree that MongoDB is repeating the same mistakes others had made 15 years ago. The only difference is, back then, there was a less dramatic excuse for how it got that way.