Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

11/4/2010
06:27 PM
Adrian Lane
Adrian Lane
Commentary
50%
50%

NoSQL: Not Much, Anyway

I don't get the NoSQL movement. Most old-school database administrators don't. In fact, a lot of people don't understand what NoSQL is exactly because, quite frankly, there's not much there. Most of the features and functions we consider synonymous with databases are unwanted by developers of nontransactional systems and are falling by the wayside as companies push applications into the cloud.

I don't get the NoSQL movement. Most old-school database administrators don't. In fact, a lot of people don't understand what NoSQL is exactly because, quite frankly, there's not much there. Most of the features and functions we consider synonymous with databases are unwanted by developers of nontransactional systems and are falling by the wayside as companies push applications into the cloud.Conversely, application developers -- especially Web application developers -- don't "get" relational databases. They understand how they work, but they just don't understand why you need all that stuff. You know, like transactional consistency. Or predefined structures. Or rollbacks. Just give them some place to dump data -- any kind of data -- and a quick way to look it up again. They don't want to define data types in advance. They want all of the data manipulation and processing within their application. Further, accuracy and consistency are less important that speed and scale.

Database administrators respond by saying, "If you don't want the overhead of a database and you don't need transactional consistency, just use a file." And that's pretty much what application developers are doing and driving the NoSQL movement. The desire to store more data and inspect much larger data sets across distributed computing platforms has become a necessity for many Web-based applications. All without having to spend millions of dollars on a giant data warehouse. By reducing the complexity of the database engine, and by defining -- as they go -- how to store and reference that data, they get a lot better performance. It's a database, but it lacks most of the features and functions of relational database technology.

So what is NoSQL? That's a hard question to answer because NoSQL is more of a design concept than an actual product. Basically, NoSQL implementations are a storage engine. Most NoSQL variants strip away SQL statement parsing because NoSQL is not structured relationally. In many cases, there is no structure at all, just data with its index value. Without a relational structure, you remove the need for query execution plans, table concurrency, and locking for read consistency.

By removing all that code and complexity from the database engine, along with incredibly cheap memory from cloud service providers, most of the database code and data indices can be stored in memory. By removing tasks that require a lot of processing overhead and placing a higher percentage of code in memory, you speed operation by (nearly) an order of magnitude. Cheap and fast is a very attractive option!

I am certain there are some firms (Google, Amazon, and Facebook) and project managers out there who will be offended by my definition because BigTable, Dynamo, SimpleDB, and Cassandra are used by millions each day, whether or not they know it. But it's not off-the-shelf software. And for every relational trait a NoSQL database is supposed to forgo, you can always find one or more project or product variants that offers things like consistency, replication, or complex storage options.

Make no mistake: I am not trying to marginalize the efforts of the developers behind these projects or the need for this kind of tool. NoSQL is here and will be for a long time because it solves several fundamental problems for application developers. But don't confuse NoSQL with relational database. Think of it in terms of document storage.

Adrian Lane is an analyst/CTO with Securosis LLC, an independent security consulting practice. Special to Dark Reading. Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and secure software development. With experience at Ingres, Oracle, and ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20383
PUBLISHED: 2020-08-13
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
CVE-2020-24348
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24349
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVE-2020-7360
PUBLISHED: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was r...
CVE-2020-24342
PUBLISHED: 2020-08-13
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.