Security Issue: Reusing the NoSQL handle multiple times in Oracle NoSQL Database Cloud Service

Question

We are testing a bunch of microservices that connect to Oracle NoSQL Database Cloud Service for storing and querying the metadata/event information of our services.

Question on whether the NoSQL handle can be used for every request was raised in my team.

Does the handle have any timeout period? Creating a new NoSQL handle is taking a little bit of time.

Below is my code snippet to create a new NoSql Handle:

SignatureProvider provider = SignatureProvider.createWithInstancePrincipal();
NoSQLHandleConfig config = new NoSQLHandleConfig(Region.US_PHOENIX_1, provider);
config.setDefaultCompartment(context.getCompartmenId());
NoSQLHandle handle = NoSQLHandleFactory.createNoSQLHandle(config);
return handle;

What are the security implications if I reuse the NoSql handle for every request?

Please advise.

score 0 · Answer 1 · answered Oct 18 '21 at 20:33

0

The handle does not have any specific timeout. It can (and should) be reused for many requests.

Is there a specific security issue you are thinking of? With Instance Principals as the SignatureProvider there shouldn't be any specific security issues.

answered Oct 18 '21 at 20:33

John Connelly

1

Security Issue: Reusing the NoSQL handle multiple times in Oracle NoSQL Database Cloud Service

1 Answers1