by chubot 1422 days ago
That evaluation isn't about security; it's about durability -- does the database actually save your data under all circumstances?

In this Jepsen analysis, we develop new tests which show the MongoDB v0 replication protocol is intrinsically unsafe, allowing the loss of majority-committed documents. In addition, we show that the new v1 replication protocol has multiple bugs, allowing data loss in all versions up to MongoDB 3.2.11 and 3.4.0-rc4. While the v0 protocol remains broken, fixes for v1 are available in MongoDB 3.2.12 and 3.4.0, and now pass the expanded Jepsen test suite.

It does look like it was fixed though.

I remember some mealy mouthing but maybe I got them confused with others subject to Jepsen tests ...

2 comments

The parent refers to an issue from 2016 when 30000 (!) dbs on the internet got deleted/ransomed. The fact they blame the customers for this and totally confuse this with data loss is kinda telling, huh? Sounds like data integrity wasn’t a big thing internally at Mongo after all.
I think we're conflating two different issues.
Yes, this https://www.zdnet.com/article/hacker-ransoms-23k-mongodb-dat... has nothing to do with the Jepsen report pointing out durability issues within the db engine itself, which Mongo was known for.
Yeah, that was a separate issue, unrelated to the default authentication setting of the default db. And, yes, we fixed it.