MongoDB (part 1): How to design a schemaless, NoSQL database
Have you thought about creating your own application but were unsure how to store data for your new app? Or maybe you have some software development experience but want a simple way to store data without worrying about schema or relationships between your data. This article looks at how you can use MongoDB to design a schemaless, NoSQL database. In subsequent articles, we will look at how to manage data in MongoDB using CRUD operations and how to secure data in MongoDB.
11 courses, 8+ hours of training
What is MongoDB?
Founded in 2007, MongoDB is a NoSQL database that stores data in JSON, BSON or XML format. It is a document database that makes it easy for developers to map and store data for their applications. A NoSQL database is a database that does not use SQL (Structured Query Language). This database does not use rows, columns and tables to organize data. In addition to document databases, other types of NoSQL databases include graph databases, field-value stores and so on.
NoSQL databases, such as MongoDB, allow you to facilitate faster querying and make it easy to scale out an organization's architecture and change the structure of documents stored in your database to suit your application requirements. To determine whether MongoDB or another database type is suitable for your application use case, check out the ‘Where to use MongoDb’ whitepaper published by MongoDB.
Why MongoDB?
Before the NoSQL databases, SQL databases reigned supreme. SQL databases are also known as relational databases. By the early 2000s, many developers had grown weary of being restricted to the predefined schema that made implementation difficult. On the other hand, NoSQL databases have advantages over relational databases in that they have flexible data models, are easier to implement, support horizontal scaling and offer opportunities for faster queries (mongodb.com, 2022).
Many prominent companies prefer NoSQL databases to store and manage their applications' data. Some major companies using MongoDB to support their mission-critical applications are eBay, Shutterfly and the company behind many popular sports games called Electronic Arts (commonly known as EA Sports).
How data is organized in MongoDB
You need to be familiar with four attributes of MongoDB to work successfully with a MongoDB database. They are:
- Database — An organization of information that allows you to store, query and manage data
- Collection — An organized store of documents. Collections hold one or more documents
- Document — An organized key/value store of datasets organized by key/value pairs
- Key/Value pair — A set of attributes that represent a data point of a particular document
MongoDB stores data in documents in either JSON, BSON or XML format. Documents hold values for your data in the form of field-value pairs. The field is a field value that holds data for a data point. The value is the data type of this information you wish to store.
For example, you may have a document with a date field holding a string that contains the date the data was stored in the document. Documents are stored in collections. Collections are used to group documents together for organizational purposes. However, no relationship between documents in a collection is required. Although Mongo stores data in field-value pairs, it holds many different data types such as strings, integers, arrays, objects, booleans and more!
Let’s take a brief look at how data looks when stored in Mongo:
In the example above, we can see that a database called “Notes” contains multiple documents. The second document contains data stored in the form of field-value pairs. Notice that the data stored in this document contain different data types. You can see that the date field holds a value for a date datatype, the note field holds a string value, the keywords field holds an array of strings and so on. Many other data types are supported and can be found in the official documentation at MongoDB.
Understanding the general architecture of Mongo is very helpful, especially when working with large applications where data may be dispersed across different databases but used together to support an application.
To support your application, you’ll likely need to manipulate the data. For example, if a user deletes a note in an application's front end, that operation must be carried out on your back-end server to update the database. In the database world, any data change is performed through CRUD operations. CRUD is an acronym that describes actions you can take on your data. CRUD is an acronym:
Create — Allows you to add new entries
Read — Allows you to view or search existing entries
Update — Allows you to edit existing entries
Delete — Allows you to remove existing entries
In the next article, we will look at how to manage data in MongoDB using CRUD operations.
Getting set up
Let’s get you set up so you can work through the examples in these articles. Here is what you need to follow along with the examples:
- A MongoDB Atlas account (free)
- An installation of MongoDB Shell
Create a database
To get started, you need to sign up for an account at MongoDB.com. Under “Deployment,” on the Database tab, click “Create.”
You will be prompted to choose a serverless, dedicated or shared database instance. Choose the “Shared” or “Free Tier” instance, which is free. The shared instance comes with sample datasets you can use for your own applications. You can also define custom datasets. Finally, create a username and password with read and write permissions, then scroll down and click “Finish and Close.”
Navigate to your new database, and you will see a cluster. A cluster is a group of servers that store copies of your data. It is a fault tolerance feature; you don’t need to think about it too deeply to understand the concepts we cover in this series.
To create a new database, navigate to Deployment > Database and in your new cluster, click ”Browse Collections.” Next, click “Create Database” and enter a database name and a collection name.
With your new database and collection defined, you can add documents to hold data for your application.
11 courses, 8+ hours of training
Conclusion
MongoDB is a NoSQL database that you can use to store data for your application. You can easily create a database to store your application data. MongoDB stores data in the form of documents. Each document holds various key/value pairs that describe attributes of the stored data. You can also manage your data using queries.
In the upcoming articles, we will look at how to manage data in MongoDB using CRUD operations. Then we will take a look at how to secure data in MongoDB.
Learn more from me in my Advanced Splunk Core learning path.
Sources
- NoSQL vs. SQL Databases, 2022, MongoDb.com
Use Case Guidance: Where to use MongoDB, MongoDb.com
- Expert instruction
- Hands-on labs
- Unlimited access
In this Series
- MongoDB (part 1): How to design a schemaless, NoSQL database
- DevSecOps: Moving from “shift left” to “born left”
- What’s new in the OWASP Top 10 for 2023?
- DevSecOps: Continuous Integration Continuous Delivery (CI-CD) tools
- Introduction to DevSecOps and its evolution and statistics
- MongoDB (part 3): How to secure data
- MongoDB (part 2): How to manage data using CRUD operations
- Understanding the DevSecOps Pipeline
- API Security: How to take a layered approach to protect your data
- How to find the perfect security partner for your company
- Security gives your company a competitive advantage
- 3 major flaws of the black-box approach to security testing
- Can bug bounty programs replace dedicated security testing?
- The 7 steps of ethical hacking
- Laravel authorization best practices and tips
- Learn how to do application security right in your organization
- How to use authorization in Laravel: Gates, policies, roles and permissions
- Is your company testing security often enough?
- Authentication vs. authorization: Which one should you use, and when?
- Why your company should prioritize security vulnerabilities by severity
- There’s no such thing as “done” with application security
- Understanding hackers: The insider threat
- Understanding hackers: The 5 primary types of external attackers
- Want to improve the security of your application? Think like a hacker
- 5 problems with securing applications
- Why you should build security into your system, rather than bolt it on
- Why a skills shortage is one of the biggest security challenges for companies
- How should your company think about investing in security?
- How to carry out a watering hole attack: Examples and video walkthrough
- How cross-site scripting attacks work: Examples and video walkthrough
- How SQL injection attacks work: Examples and video walkthrough
- Securing the Kubernetes cluster
- How to run a software composition analysis tool
- How to run a SAST (static application security test): tips & tools
- How to run an interactive application security test (IAST): Tips & tools
- How to run a dynamic application security test (DAST): Tips & tools
- Introduction to Kubernetes security
- Key findings from ESG’s Modern Application Development Security report
- Microsoft’s Project OneFuzz Framework with Azure: Overview and concerns
- Software maturity models for AppSec initiatives
- Best free and open source SQL injection tools [updated 2021]
- Pysa 101: Overview of Facebook’s open-source Python code analysis tool
- Improving web application security with purple teams
- Open-source application security flaws: What you should know and how to spot them
- Android app security: Over 12,000 popular Android apps contain undocumented backdoors
- 13 common web app vulnerabilities not included in the OWASP Top 10
- Fuzzing, security testing and tips for a career in AppSec
- 14 best open-source web application vulnerability scanners [updated for 2020]
- 6 ways to address the OWASP top 10 vulnerabilities
- Ways to protect your mobile applications against hacking
- Introduction to the OWASP API Top Ten
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Application security
Application security
Application security
DevSecOps: Continuous Integration Continuous Delivery (CI-CD) tools
Application security