Application security

MongoDB (part 1): How to design a schemaless, NoSQL database

Gina Napier
October 4, 2022 by
Gina Napier

Have you thought about creating your own application but were unsure how to store data for your new app? Or maybe you have some software development experience but want a simple way to store data without worrying about schema or relationships between your data. This article looks at how you can use MongoDB to design a schemaless, NoSQL database. In subsequent articles, we will look at how to manage data in MongoDB using CRUD operations and how to secure data in MongoDB.

What is MongoDB?

Founded in 2007, MongoDB is a NoSQL database that stores data in JSON, BSON or XML format. It is a document database that makes it easy for developers to map and store data for their applications. A NoSQL database is a database that does not use SQL (Structured Query Language). This database does not use rows, columns and tables to organize data. In addition to document databases, other types of NoSQL databases include graph databases, field-value stores and so on.

NoSQL databases, such as MongoDB, allow you to facilitate faster querying and make it easy to scale out an organization's architecture and change the structure of documents stored in your database to suit your application requirements. To determine whether MongoDB or another database type is suitable for your application use case, check out the Where to use MongoDb whitepaper published by MongoDB.

Why MongoDB?

Before the NoSQL databases, SQL databases reigned supreme. SQL databases are also known as relational databases. By the early 2000s, many developers had grown weary of being restricted to the predefined schema that made implementation difficult. On the other hand, NoSQL databases have advantages over relational databases in that they have flexible data models, are easier to implement, support horizontal scaling and offer opportunities for faster queries (mongodb.com, 2022).

Many prominent companies prefer NoSQL databases to store and manage their applications' data. Some major companies using MongoDB to support their mission-critical applications are eBay, Shutterfly and the company behind many popular sports games called Electronic Arts (commonly known as EA Sports).

How data is organized in MongoDB

You need to be familiar with four attributes of MongoDB to work successfully with a MongoDB database. They are:

  • Database — An organization of information that allows you to store, query and manage data
  • Collection — An organized store of documents. Collections hold one or more documents
  • Document — An organized key/value store of datasets organized by key/value pairs
  • Key/Value pair — A set of attributes that represent a data point of a particular document

MongoDB stores data in documents in either JSON, BSON or XML format. Documents hold values for your data in the form of field-value pairs. The field is a field value that holds data for a data point. The value is the data type of this information you wish to store. 

For example, you may have a document with a date field holding a string that contains the date the data was stored in the document. Documents are stored in collections. Collections are used to group documents together for organizational purposes. However, no relationship between documents in a collection is required. Although Mongo stores data in field-value pairs, it holds many different data types, such as strings, integers, arrays, objects, booleans and more!

Let’s take a brief look at how data looks when stored in Mongo:

In the example above, we can see that a database called “Notes” contains multiple documents. The second document contains data stored in the form of field-value pairs. Notice that the data stored in this document contain different data types. You can see that the date field holds a value for a date datatype, the note field holds a string value, the keywords field holds an array of strings and so on. Many other data types are supported and can be found in the official documentation at MongoDB.

Understanding the general architecture of Mongo is very helpful, especially when working with large applications where data may be dispersed across different databases but used together to support an application. 

To support your application, you’ll likely need to manipulate the data. For example, if a user deletes a note in an application's front end, that operation must be carried out on your back-end server to update the database. In the database world, any data change is performed through CRUD operations. CRUD is an acronym that describes actions you can take on your data. CRUD is an acronym:

Create — Allows you to add new entries

Read — Allows you to view or search existing entries

Update — Allows you to edit existing entries

Delete — Allows you to remove existing entries

In the next article, we will look at how to manage data in MongoDB using CRUD operations.

Getting set up

Let’s get you set up so you can work through the examples in these articles. Here is what you need to follow along with the examples:

  • A MongoDB Atlas account (free)
  • An installation of MongoDB Shell

Create a database

To get started, you need to sign up for an account at MongoDB.com. Under “Deployment,” on the Database tab, click “Create.”

You will be prompted to choose a serverless, dedicated or shared database instance. Choose the “Shared” or “Free Tier” instance, which is free. The shared instance comes with sample datasets you can use for your own applications. You can also define custom datasets. Finally, create a username and password with read and write permissions, then scroll down and click “Finish and Close.” 

Navigate to your new database, and you will see a cluster. A cluster is a group of servers that store copies of your data. It is a fault tolerance feature; you don’t need to think about it too deeply to understand the concepts we cover in this series.

To create a new database, navigate to Deployment > Database and in your new cluster, click ”Browse Collections.” Next, click “Create Database” and enter a database name and a collection name.

With your new database and collection defined, you can add documents to hold data for your application.

Get your free course catalog

Get your free course catalog

Download the Infosec Skills course catalog to learn more about these courses — and hundreds more.

Conclusion

MongoDB is a NoSQL database that you can use to store data for your application. You can easily create a database to store your application data. MongoDB stores data in the form of documents. Each document holds various key/value pairs that describe attributes of the stored data. You can also manage your data using queries.

In the upcoming articles, we will look at how to manage data in MongoDB using CRUD operations. Then, we will look at how to secure data in MongoDB.

Learn more from me in my Advanced Splunk Core Learning Path. 

Sources

Gina Napier
Gina Napier

Ms. Gina Napier is a cybersecurity professional who specializes in the development of security solutions to remediate vulnerabilities in IT environments. She has spent over 13 years supporting multiple DoD branches including the Army, Air Force, Navy, and Marine Corps and has played a key role in the continued development of numerous cybersecurity programs.

As the first recipient of Microsoft's Salute to our Troops Award, Gina has shown an ongoing contribution to the IT field by encouraging shared responsibility for cybersecurity efforts across the nation. She is passionate about encouraging ethics and thoughtful analysis regarding cyberattacks in the IT industry.

Gina currently holds a master's degree in Cybersecurity as well as over 12 IT certifications, including the CISSP, CISA, AWS: Solutions Architect and Azure Administrator Associate. Currently, she is serving as a Sr. Information Security Analyst at General Dynamics and is the founder of the tech startup Switch Code. Her favorite quote is, "Find what you love to do and do it with all your heart!"