Here is a feature comparison for InfinityDB Embedded and MongoDB. Even though MongoDB is entirely different from InfinityDB, we get many requests about it. The InfinityDB Client/Server is entirely different, built on top of the embedded version.
InfinityDB Encrypted Security Features
Feature | InfinityDB | MongoDB |
---|---|---|
Encrypted Data at Rest | 100% of the data 100% of the time with selectable AES-128 or AES-256. | Enterprise Atlas Wired Tiger storage engine only. Each node requires a separate key. |
Integrity Checked Data at Rest | 100% of the data 100% of the time with HMAC-SHA256 on every block read | No |
Per-block, per-write randomization | Independent random encryption ‘initialization vector’, HMAC, and HMAC salt are kept with each block with encrypted, HMAC’ed block number. | No |
Encrypted Logs | No logs needed | No, but log level and filters may help |
Encryption re-keying or rotation | Instant password change per database via embedded AES128 key-encryption key | Manual rotation of master only for the keystore |
Database signing for authentication | Multiple signing per database with embedded X509 certificate trust chains or bare public keys, any signature algorithm, certificate verification, partial signing | None |
Data Hashing for content ‘fingerprinting’ | Fast, over encrypted or unencrypted content using SHA256 | None |
Data Shredding | Instant crypto-shred or fast overwrite of entire databases reliably deletes sensitive data | ? |
Compression of Encrypted Data | Universal full compression to 10x: Variable-length data and blocks, ZLib, UTF-8, common prefixes. | No compression – actually expansion |
InfinityDB Client/Server Security Features
Feature | InfinityDB | MongoDB |
---|---|---|
Secure Data in Motion | Universal SSL/TLS | SSL/TLS. Replication data is unencrypted |
Authentication | HTTP Basic Auth within TLS pipe | LDAP, SCRAM, Kerberos, Client Certificate. Shards and replica sets need internal authentication |
Authorization | Users, roles, permissions to databases. Admin via web GUI | Similar. Admin via CLI |
Basic Feature Comparison
InfinityDB
- Commercial, closed-source, patented technology. Relies on no other libraries
- All Java
- Embedded, Encrypted, or Client/Server. Fits anywhere: in IoT’s, personal devices, or SaaS servers
- A simple ‘ItemSpace’ data model. Accessible as tables, documents, sets, lists, arrays, objects, blobs, more.
- Data is always sorted on 12 primitive types, with no key/value distinction.
- Component-based applications use provided virtual ItemSpaces
- Embedded ‘metadata’ for dynamic schema evolution
- Documents are of any size determined by prefix, individual operations are fine-grain
- Pattern queries are declarative, syntax-free, and re-usable as regular dbms data, with select/project/join.
- Backend web server for secure administration and secure graphical database browsing and editing
- Transparently remote databases
- Universal data compression
- Transactions are ACID compliant, covering multiple disjoint data subsets at any scale
- No extra processes required
- No administration when Embedded, but security in Client/Server may need admin.
- Single encrypted file, so data is portable, not in a dedicated cluster. No log. Server handles multiple files.
- Fast – reaches 1MOp/sec cached. Natural sorted data locality improves cache effectiveness
- Multi-core for all operations
- No operational cost, single update subscription
MongoDB
- Non-permissively licensed Open-Source NoSQL DBMS based on AGPL (later, modified to the SSPL). Applications are considered ‘separate works’.
- ‘BSON’ Documents are limited to 16MB, are accessed as units.
- Scalable, using hashed sharding, so it’s used primarily for big data in clusters
- Replication for high availability
- Each non-cached point access requires a network round-trip.
- Transactions apply only to single documents handled in one update operation until v4.2.
- Unique query language is non-user friendly. No joins.
- Memory usage is high, because data tends to be stored in multiple places. No compression
- Many ‘agents’, ‘daemons’, and ‘service’ processes
- Not zero-administration
- Not appropriate for small environments such as inside IoT’s or personal devices
- Practically fixed in a single set of servers. Backups require further servers
- Pricing depends on resources consumed and plan