Most recommended database for security and stability ?



  • All in the title 😛 !
    "Most recommended database for security and stability ?"



  • @Technowix Personal preference really. All databases used by NodeBB (except maybe LevelDB) are considered stable, they wouldn't use it if it wasn't. It just depends on your use case, if you want your site to be quick, use Redis, if you have a lot of data and aren't too bothered about speed, then Mongo may be more for you. A database is as secure as the password you use.

    What a lot of people aren't realising is that the error when they start NodeBB regarding "a password was supplied but not required" actually means that the Redis database is unsecure. You need to edit redis.conf and actually add the password into that file (there's a part about requirepass). Then make sure it matches in your config.json in the nodebb folder. Not running a password is on a par with running MySQL as root with no password.

    So it's as secure as you make it. My password for Redis is 52 characters long. 👍



  • Ahah, right, but i see lot of thing in "ram based" database, like not saving after crash or other bad things,... And who have the less impact on the system ?
    All my password are 32 character, that enougth for everything xP



  • @Technowix As long as you take regular backups, data loss should be minimal (if it happens, which, no one to my knowledge has reported), Redis does a BGSAVE every now and then (configurable somewhere) so it takes a backup after so many writes, or after X amount of time. I'm not a Redis expert, but, I've been using it for months without issue.

    I think the pros and cons of Redis v Mongo would be better answered by someone who had a bit more knowledge on the subject. I know @julian loves these types of discussions. If you want stability, then Mongo would be the way to go, as the data is stored on hard drives (or SSDs if you use Digital Ocean). However even RAID drives can go wrong.



  • I think i will continue trought mongoDB, they seem more "active" on the net, so more supported, and my community are not really "flooders" so mongodb seem to be a good shot 🙂 ! Thank !
    Anyway, debate are still open o/ as of i never tried Redis, the voice of a guys who have tried both for a long time could be interesting 😛



  • The problem I have with Redis is that it stores the entire database in RAM, so if your site does take off in a huge surge of new posts, you're going to have a bad time unless you upgrade for more RAM.
    Although, if that does happen, you'd probably want to upgrade your VPS anyway. Personally I'm looking forward to the dual DB setup that I think the devs mentioned at some point, because I'd like to cache some of my DB in RAM instead of all of it.



  • How difficult would it be to convert from redis to mongoDB if some form of spike did end up happening to the extent that upgrading to twice the RAM wouldn't help?



  • I subscribe the idea of having both MongoDB and Redis are used simultaneously, with Redis serves as caching database. Maybe the dev team might come up with that later. Pray for the best.






  • Plugin & Theme Dev

    @luke

    nothing yet. However, what are you expecting to to migrate?

    the basics?

    • Users (passwords may not be migrated in some cases)
    • Categories
    • Topics
    • Posts

    or everything?

    • All of the above
    • Chat messages
    • Nodebb Configs
    • plugins w/ configs

    I wonder If I can avoid writing all data to disk then to the new db, but rather reading from DB and writing to the new one immediately, that would be the best way to do it IMO.



  • @bentael Probably everything, I think it should be as seamless as possible with minor permanent damage or changes that need to be made again after the switch.

    I personally don't need to migrate, but it's definitely something that would be handy for some people and I'd definitely try it out.



  • Passwords should transport over just fine between changing from mongodb to redis. They're both bcrypt. I believe. 😆


  • Plugin & Theme Dev

    Passwords should transport over just fine between changing from mongodb to redis. They're both bcrypt. I believe.

    true, even if we're using 2 different nodebb instances, with different config.json (secret and bcrypt_rounds), the bcrypt.compare should not fail right? @a_5mith you seem to know more about this than I do.



  • @bentael Well, as long as the rounds are the same, they should be fine. I'm not sure if the secret in config.json has anything to do with the hashing technique or not, but you could probably take a note of it to make sure.


  • Admin

    Personally I'm looking forward to the dual DB setup that I think the devs mentioned at some point, because I'd like to cache some of my DB in RAM instead of all of it.

    This branch which will probably be merged in 0.5.1, refactored the current dual-database system to let you choose certain keys for the secondary database to handle.

    So you could have mongo as primary, and let redis handle all your notification (ex. messages:[\\S]*) and chat keys (ex. uid:\\d*:chats[\\S]*), for example. Sample config:

    {
        "base_url": "http://127.0.0.1",
        "port": "4567",
        "secret": "b78f8ec9-23a4-44a0-9e2a-ae8f0ffc7526",
        "bind_address": "0.0.0.0",
        "database": "mongo",
        "secondary_database": "redis",
        "mongo": {
            ...
        },
        "secondary_db_keys": "uid:\\d*:chats[\\S]*",
        "redis": {
            ...
        },
        "bcrypt_rounds": 12,
        "upload_path": "/public/uploads",
        "use_port": false,
        "relative_path": ""
    }
    

  • Plugin & Theme Dev

    woah!
    why would you even allow different keys?


  • GNU/Linux Admin

    @a_5mith said:

    So it's as secure as you make it. My password for Redis is 52 characters long. 👍

    Passwords for NodeBB hosted instances are 512 characters long :shipit:

    @luke said:

    Personally I'm looking forward to the dual DB setup that I think the devs mentioned at some point, because I'd like to cache some of my DB in RAM instead of all of it.

    We're actively testing and possibly going to implement some dual DB code shortly... so that may be of interest to you.



  • @julian said:

    @a_5mith said:

    So it's as secure as you make it. My password for Redis is 52 characters long. 👍

    Passwords for NodeBB hosted instances are 512 characters long :shipit:

    oh come on

    😆


  • Admin

    woah!
    why would you even allow different keys?

    Definitely experimental and hidden behind an --advanced setup flag. We might actually give this a shot on a live env potentially next week, to offload notification queries from mongo onto redis


Log in to reply
 

Suggested Topics

  • 1
  • 3
  • 1
  • 1
  • 2
| |