Hacker News new | past | comments | ask | show | jobs | submit login
Hosted RethinkDB now available on Compose (compose.io)
54 points by mrkurt on Oct 15, 2014 | hide | past | favorite | 7 comments



I feel like a SaaS offering is required for databases now a days. I don't want to go back to manning my database again, so this is exciting news. That being said, we stopped using compose (when it was called MongoHQ) after they had a worst-case data breach in which our database and that of most users was completely compromised. I learned my lesson and I make sure I understand the security situation before I use a service now. But I can find zero information on the compose.io site about what they do and what you can do when using them to keep your data secure.


That is fair. We've made a lot of changes, and databases are now running on a platform that is inherently more secure than other public cloud DB services. It's likely a much better setup than we'd have if we'd never felt the pain of a breach.

We should promote it better, but we run new DBs in isolated private networks (databases shouldn't be exposed to the public internet). This makes it a bit more difficult for customers to connect, since they need to figure out how to use SSH tunnels, and hope the DB they're running behaves well in that kind of setup. We've chosen to sacrifice the user experience for security in this case.

More generally, we changed a lot of how we store sensitive data (and broadened what we class as sensitive). Database passwords, customer keys, certificates, etc are encrypted in our DB. Encryption is managed by a "software HSM" developed by Matasano, which gives us a lot of power over who/what can decrypt bits.

Customers are getting more sophisticated as well. It's relatively new to have a database hosted/managed by an entirely different company than the rest of an application. We've been working on content to help people make the right decisions about how they handle these things, here's an example: https://blog.compose.io/encrypting-sensitive-data-in-your-mo...


As a paying user of MongoHQ (now Compose) for over 2 years, I have never known it was possible to connect via an SSH tunnel. Where is this information at?


If you want to learn more, there's a live web chat on Oct 22 with Kurt and Slava, the CEOs of Compose and RethinkDB: http://www.meetup.com/RethinkDB-Bay-Area-Meetup-Group/events...


I deployed a three node RethinkDB cluster the other day. The process was very smooth and I love the web UI. If operating the cluster proves to be as simple, they have managed to remove so many pains that you need to deal with with other vendors that paying for a hosted version makes little sense.


I'm really excited by this, rethinkdb is awesome


Will they include a free sandboxed database as they did for MongoDB?




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: