You may have heard about a recent security vulnerability in MongoDB (MongoBleed). The gist is that you can (as an unauthenticated user) remotely read th...

Ayende is a software engineer, blogger, and open-source contributor known for his expertise in software architecture and database development. Readers can learn about database design, NoSQL databases, and domain-driven design (DDD). With blog posts, tutorials, and open-source projects, Ayende shares  insights and best practices for building robust and scalable software systems.

Ayende @ Rahien

MongoDB's recent MongoBleed vulnerability exposed memory contents to unauthenticated users due to handling authentication at the application level. RavenDB avoids this risk by delegating authentication to platform infrastructure (X.509 certificates via OpenSSL/SChannel), ensuring authentication happens before any application code runs. This architectural decision creates a strict separation between authentication and application logic, reducing the attack surface and simplifying security compliance. By relying on battle-tested infrastructure rather than custom authentication code, RavenDB minimizes vulnerability risks while meeting enterprise security requirements.

Swiping left on writing authentication code yourself

<ol>
<li>Its an ad</li>
<li>Not every developer understands the meaning of “swiping left”. I for example didn’t.</li>
</ol>
