Microsoft is attempting to capitalize on a recent spate of ransom attacks on unsecured MongoDB instances by encouraging developers to switch to working with its own Azure-based DocumentDB system.
The free version of MongoDB ships with the default TCP port 27017, and with so many administrators failing to run port
to change it, attackers have plundered insecure instances in a lot of data breaches and ransom attacks too.
Following its security investments in Azure, Microsoft has waded into the debate about whether MongoDB is suitable for production purposes by encouraging developers to jump ship and get working on Azure’s DocumentDB.
The invitation was made in an open letter-cum-blogpost with the hashtag-tingling title of “Dear #MongoDB users, we welcome you in #Azure #DocumentDB“.
Penned by Microsoft’s Rimma Nehme, architect at the open-source software analytics and NoSQL group, the missive misses no time in opening: “First and foremost, security is our priority.”
Nehme continues by not only providing a table mapping DocumentDB features to MongoDB’s security checklist, but also presenting a sophisticated visual guide comparing the services’ relative security, which we reproduce here:
While DocumentDB’s protocol support for MongoDB could ostensibly make migration easier, its lack of support for baseline aggregation functions and partial updates has provoked some complaints on the Azure feedback page.
MongoDB declined to comment on Microsoft’s pitch to its users.