Security Best Practices

Best practices should be observed at all times, in order to ensure the security of Couchbase Server itself, the media it uses for data-persistence, the internal and external networks on which it resides, and the applications that query it.

Securing Couchbase Server

Security must be enforced — in order to protect data from being stolen, eavesdropped upon, or corrupted — throughout the entire Couchbase Server-environment: this environment includes the internal memory, processing, and storage-facilities of individual server-nodes within a cluster; the network across which the nodes communicate with one another; and the network beyond the cluster-perimeter. Security procedures must be checked constantly; and should be upgraded with frequency.

Within the Cluster

On each node of the Couchbase Server-cluster, essential security measures include:

All are described in detail, in this section.

Beyond the Cluster

Security must be maintained:

Across the network, by proper configuration of IP tables and ports.
Within individual applications, by appropriate use of the client configuration cache, and by performing user input validation.
In the cloud, through appropriate configuration of Network Access Control Lists (ACLs) and security groups, as well as Cross Datacenter Replication (XDCR).