Articles in Security

Do you know why Compose proxies database connections?

TL;DR: We use proxies to enable SSL, High Availability and Whitelisting. Because we care. Observant users of Compose will have noted that we make extensive use of HAProxy to enable users to connect to their databases. Curious observant users have won…

Introducing FIDO Universal 2nd Factor Authentication

To better help you ensure your account is safe and secure with Compose, we've expanded our authentication system to support FIDO Universal 2nd Factor (U2F). If you're currently accessing your Compose databases, now would be a good time to increase th…

Compose's Little Bits #16 - PostgreSQL, RethinkDB, LIGO, htop

PostgreSQL updates and advice, RethinkDB on Windows, SQL querying LIGO data, CSV on the Web, Parse updates, htop, securityheaders.io and Silicon Valley - All the links that caught the eye of Compose's technical content curator this week, in one place…

PLV8 for PostgreSQL and CIDR for all

We've been making some small, but significant, enhancements to your database experience at Compose, so we thought now would be a good time to introduce you to the two latest: a newly supported language extension for PostgreSQL and the ability to be m…

We're Applying The Redis Security Fix Now

Redis users on Compose are being updated to Redis 2.8.21. Although it is a minor version update from 2.8.20, it includes a fix for a security issue that requires rapid attention. This morning, security researcher Ben Murphy gave details of a Lua sandb…

Elasticsearch Security Update - Groovy Scripting Dropped

Last month, Elasticsearch disclosed a security vulnerability in the database's Groovy dynamic scripting and the sandbox designed to keep dynamically loaded remote scripts under control. The fix for this vulnerability involves permanently disabling Groo…

Lock Your MongoDB: Don’t Be Too Open for Business

If we needed reminding about security, a recently published paper, "MongoDB databases at risk", has run a port scan and identified nearly 40,000 instances of MongoDB databases visible to the public internet, yet with no authorization or authentication…

Security: How We Are Responding to the Ghost Vulnerability

Excuse us while our Operations team do some Ghostbusting. A recently disclosed security flaw, given the name Ghost but officially known as CVE-2015-0235, has triggered our security response process. At this point, we have evaluated the…

How to Securely Access Your Compose Databases

Our new access portals, available on Elasticsearch, RethinkDB and Redis, have had people asking us which one they should use, so we thought we'd explain the differences and show where they fit. First, a refresher on what the Compose access portals do.…

Elasticsearch IP Whitelisting & Phonetic Plugins

IP Whitelists for Elasticsearch: Compose users who've been trying out the Elasticsearch beta will notice a new Security tab in their Compose dashboard today. It has been added to contain the new portal and IP management features that we are building u…
