RethinkDB 2.3: user accounts, network encryption, Windows support

Today we’re pleased to announce the release of RethinkDB 2.3 (Fantasia). Download it now!

RethinkDB 2.3 has new security features that bring more flexibility to database deployment and administration. The update also includes performance improvements, a handful of new ReQL features, and a beta release of our recently-introduced Windows port. Here are some of the highlights:

  • Network encryption: built-in TLS support encrypts database connections
  • Users and permissions: you can achieve granular control over database access by creating user accounts and assigning permissions
  • The fold command: we added a new fold command to the ReQL query language that lets you perform reduce-like operations on ordered streams, with optional support for emitting a stream of values based on the current accumulator state.
  • Windows compatibility: support for running RethinkDB on Windows is now in beta. You can download and install RethinkDB 2.3 on Microsoft’s operating system.

Network encryption

RethinkDB 2.3 includes TLS support, contributed by Josh Hawn. Josh integrated OpenSSL, enabling encryption on the wire for both the client driver protocol and communication between database servers in a cluster. This update also brings encryption to RethinkDB’s web-based administrative user interface, which you can now access with an HTTPS URL.

In conventional RethinkDB deployments, users typically run their application server within the same closed network as their database servers. In that specific kind of environment, where the database isn’t exposed to the public internet, there’s typically little need for encryption.

There are, however, many deployment scenarios where encryption is desirable. Support for TLS gives users more flexibility, supporting a broader range of deployment configurations. You no longer have to rely on SSH tunneling and other similar measures to facilitate secure remote access to a RethinkDB cluster.

When you launch RethinkDB from the command line, you can turn on TLS by using the relevant command line parameters to point to the desired certificates.

Access control

RethinkDB 2.3 introduces access control, in the form of user accounts and permissions. You can apply permissions to the entire cluster, an individual database, or a table within a database. Permissions control a given user’s access to the specified resource. RethinkDB supports the following permissions:

  • read: allows the user to access and read documents
  • write: allows the user to insert, modify, and delete documents
  • config: allows the user to modify settings

There’s also a special connect permission (only configurable at the top level) that controls whether the user can access the outside world with the r.http command.

RethinkDB 2.3 adds two new system tables that contain access control settings. The new users table contains all of the RethinkDB user accounts. Each account is stored as a separate document, with a unique username as the id value. There’s also a permissions table, which contains documents that describe the permissions assigned to users in various contexts.

User administration is easy, powered by the database itself. To create a new user account, all you have to do is perform a ReQL query that inserts a new record in the users table. To assign permissions, you can use the new grant command. The following example shows how to create a new user and grant that user read, write, and config permissions on a database called test:

r.db("rethinkdb").table("users").insert({id: "skyla", password: "r3dd0t"})
r.db("test").grant("skyla", {read: true, write: true, config: true})

Under the hood, RethinkDB operations that write to the users table will automatically hash and salt the string value provided for the password property. When you view the contents of the table, it shows a boolean value for that field (indicating whether there is a password) instead of the underlying hashed string.

The grant command takes the name of the user and an object with the desired permission assignments. In the example above, I chained the grant command to a database to apply the permissions to that scope. If you use r.grant instead of chaining it to a database or table, you can set a user’s permissions globally for the cluster.

Out of the box, RethinkDB comes with an “admin” account that requires no password. With the default configuration, you don’t need to provide any credentials to establish a connection: you can continue using the database exactly as you did before. If you want to enable access control, you can modify the “admin” document in the users table and add a password field. You can create additional users and configure permissions as needed.

Database client drivers use a SCRAM exchange to authenticate the user. SCRAM’s challenge and response model ensures that the authentication process is secure even without TLS enabled.

Although you can use access control securely without TLS, keep in mind that conventional ReQL operations are visible on the wire if you don’t have TLS enabled. If you perform ReQL commands that contain passwords, like the example above that inserts a new document into the users table, you should consider using an encrypted client connection.

Supporting SCRAM required some changes to the RethinkDB client protocol. We’ll have updated protocol documentation to share soon for Developers who want to support the feature in their own client drivers.

The new access control features are largely designed to reduce the impact of potential security breaches and prevent accidental interference between multiple applications using the same database cluster. At the present time, we don’t recommend mapping users of your application to database user accounts or similarly exposing the database’s access control system as a security mechanism in your applications.

Regardless of configured permissions, there are still a number of malicious things that an authenticated user can do to disrupt the database. For example, a user can perform queries that effectively act as a denial of service, soaking up excessive resources. Quotas and other features that would prevent against such attacks are not yet supported.

ReQL improvements

We added several new features to RethinkDB’s ReQL query language in version 2.3. The most notable addition is a new command called fold. It’s similar to the reduce command, but it takes a starting value as the first parameter and it operates on streams in sequential order. Here’s a really simple (and somewhat contrived) example that shows how you’d use the fold function to add up all the elements in a range:

r.range(10).fold(0, (x, y) => x.add(y))

The fold command also takes an optional emit argument which accepts an anonymous function that returns an array. The output is a stream in which all of the returned arrays are concatenated. The following example shows how to use the fold command to perform a query that collects every third item in an ordered sequence:

r.table("items")
 .orderBy(r.desc("score"))
 .fold(0, (prev, cur) => prev.add(1),
   {emit: (prev, row, cur) => r.branch(prev.mod(3).eq(0), [row], [])})

Another noteworthy ReQL improvement in this release is support for attaching a changefeed to the getIntersecting command, a feature that will make it easier for location-aware apps to notify users of nearby activity. You can look at the relevant tag in the RethinkDB issue tracker for more details about the 16 ReQL improvements in the 2.3 release.

On the performance front, we rewrote the eqJoin command from the ground up to significantly improve its efficiency and scalability in clustered environments. In common scenarios that involve distributed eqJoin operations, you can expect the operation to run as much as ten times faster in RethinkDB 2.3.

Windows port

RethinkDB 2.3 is the first release to ship simultaneously on Windows alongside Linux and Mac OS X. As we discussed in a blog post last month when we released an early developer preview, RethinkDB’s native Windows compatibility is the result of an intensive year-long engineering effort that touched nearly every part of the database.

As of the 2.3 release, RethinkDB on Windows is officially in beta. You shouldn’t trust it with your data or deploy it in production environments yet, but it’s a great option for a developer who wants to start building RethinkDB applications on a Windows PC.

Download RethinkDB 2.3 today

For more details, check out the official release notes. To try the new release for yourself, download and install it today.