Split data across several databases for security or not?

Hello there!

First, I’m pretty new to MongoDB. I’m also not a programmer, but I have a basic understanding of programming and JavaScript.

Somewhere I have read that it is advisable, for security reasons, to split a user's data across multiple databases.

Is that correct, or is it equally secure to just have the data in one place and to carefully set the role permissions?

I’m making a social app. My idea currently was to use 2 databases:

1) ClientDB (For any requests a Client app could make)
1a) PrivateUserData (Collection which includes only data the user itself can access. Like settings, messages etc.)
1b) PublicUserData (Collection which includes all publicly visible data like username, last sign in etc.)

2) ServerDB (Only used internally. Includes account data, purchases etc. and cannot be read or modified from a client's side.)

Does this make any sense or is it way too slow or redundant to separate the data?

Hi @Nilom_N_A, and welcome to the forums!

So that we can find out more, would you be able to share where you read this information?

In order to protect your MongoDB deployment, I’d recommend implementing the security measures listed in the Security Checklist. See also Security Best Practices.

Instead of modifying your application data model, I’d suggest focusing on the security measures listed above.
Based on your example, it may be challenging to connect users and purchases if they live in different databases.

Regards,
Wan.
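The role-permission route raised in the question, as an added example that is not part of the original thread: two custom roles scoped to individual collections in a single database, plus a helper for reviewing what each role can reach. The database name `socialApp`, the role names `clientApi` and `backendInternal`, and the `Accounts` and `Purchases` collections are assumptions based on the layout sketched in the question.

```javascript
// Added example. Database, collection and role names below are assumptions
// taken from the layout sketched in the question, not from a real deployment.
const APP_DB = "socialApp";

// Documents in the shape of MongoDB's createRole command.
const roles = [
  {
    createRole: "clientApi", // used by the service that answers client requests
    privileges: [
      { resource: { db: APP_DB, collection: "PublicUserData" }, actions: ["find"] },
      { resource: { db: APP_DB, collection: "PrivateUserData" },
        actions: ["find", "insert", "update"] },
    ],
    roles: [],
  },
  {
    createRole: "backendInternal", // used only by internal services
    privileges: [
      { resource: { db: APP_DB, collection: "Accounts" },
        actions: ["find", "insert", "update"] },
      { resource: { db: APP_DB, collection: "Purchases" }, actions: ["find", "insert"] },
    ],
    roles: [],
  },
];

// Actions a role document grants on one collection. In a resource document an
// empty string for db or collection matches any database or any
// (non-system) collection.
function grantedActions(role, dbName, collection) {
  const granted = new Set();
  for (const { resource, actions } of role.privileges) {
    const dbMatch = resource.db === dbName || resource.db === "";
    const collMatch = resource.collection === collection || resource.collection === "";
    if (dbMatch && collMatch) actions.forEach((a) => granted.add(a));
  }
  return [...granted].sort();
}

// Review helper: collections a role reaches that are not on its allow list.
function unexpectedGrants(role, allowed) {
  return role.privileges
    .map((p) => p.resource.collection || "<all collections>")
    .filter((c) => !allowed.includes(c));
}

// Inside mongosh the global `db` exists, so the roles are created; under plain
// Node.js this block is skipped and only the helpers above are available.
if (typeof db !== "undefined") {
  roles.forEach((cmd) => db.getSiblingDB(APP_DB).runCommand(cmd));
}
```

Collection-level privileges do not limit which documents inside `PrivateUserData` a connection can read, so restricting each user to their own documents still has to happen in the server code that issues the queries.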