Picking the Right Database and CMS


As long-time open source developers, we carefully evaluated MongoDB's Server Side Public License upon release. While we are committed to open source for Apostrophe, we did not want to base our decision-making process strictly on whether the underlying database met a strict standard of open source. What we really needed was a database that would be around for a long time. After deliberation, we found that the Server Side Public License strikes the right balance between freedom, driving value for the community, and making sure the company behind the database remains healthy for the long run.

A small digression into Atlas, MongoDB’s fully-managed cloud database, here. We're big fans and we use it for most projects at a significant scale. While the free, downloadable community edition is useful for a single server project, we find that the pricing for larger projects on Atlas is quite reasonable and well worth the investment to achieve better scalability, durability and availability while reducing operational overhead.

Performance

MongoDB delivers very high performance to begin with, due to the lack of SQL parsing and the design of the WiredTiger storage engine. But being able to represent an entire page as a single document while retaining the meaning of the data structures inside pushes performance much higher in practice because we're not relying on many layers of SQL joins just to obtain the current version of the current page.

Security

When it comes to security, we have found MongoDB to be an immediate relief. Because queries are actual data structures and are not parsed as strings, attacks similar to SQL injection attacks are just not possible. This is not to say that the system is completely infallible: denial of service attacks are still possible if features like regular expressions are misused. The main thing to remember is to apply MongoDB's features as intended. MongoDB is safe when its features are used correctly. And even when they aren't, it's much safer than SQL.

Other deciding factors

Integrated Search - MongoDB's text queries can be mixed and matched with other criteria, right in the same query object. That means they are composable and you're never trying to create a painful join between two different kinds of databases.

Composability - MongoDB's query objects can be composed directly into larger queries using $and and $or operators without string concatenation. This allows separate functions to contribute permissions checks, type checks and range checks to the same query without overhead.

Aggregation - While we are not a big data company, we still do use MongoDB's aggregation features for jobs like creating a more powerful replacement for the distinct method that has the ability to get back counts for all the distinct values of a property.
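
The composability described above, together with the regular expression caveat from the Security section, as an added JavaScript example (not ApostropheCMS code): separate functions each return a query fragment and are combined with $and. The function names and document fields are hypothetical, and the query object is only built and printed, not sent to a database.

```javascript
// Added example: all names and the document shape below are hypothetical.

// Reject anything that is not a plain string, so a request value that was
// parsed into an object such as { $ne: null } never reaches the query.
function asString(value, name) {
  if (typeof value !== 'string') throw new TypeError(`${name} must be a string`);
  return value;
}

// Type check: restrict results to one document type.
function typeCheck(type) {
  return { type: asString(type, 'type') };
}

// Permission check: admins see everything, others only published or own docs.
function permissionCheck(user) {
  if (user.admin === true) return {};
  return { $or: [{ published: true }, { ownerId: asString(user._id, 'user._id') }] };
}

// Range check: both bounds must be finite numbers.
function rangeCheck(field, min, max) {
  if (!Number.isFinite(min) || !Number.isFinite(max)) throw new TypeError('bounds must be numbers');
  return { [field]: { $gte: min, $lte: max } };
}

// Title prefix search: cap the length and escape regex metacharacters so
// user input is matched literally and cannot become an expensive pattern.
function titlePrefix(term) {
  const literal = asString(term, 'term').slice(0, 64).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  return { title: { $regex: '^' + literal } };
}

// Compose fragments with $and; no string concatenation of query text.
function compose(...fragments) {
  const parts = fragments.filter((f) => Object.keys(f).length > 0);
  return parts.length === 0 ? {} : { $and: parts };
}

// Constructed sample input.
const query = compose(
  typeCheck('article'),
  permissionCheck({ _id: 'u42', admin: false }),
  rangeCheck('year', 2019, 2021),
  titlePrefix('C++ (draft)')
);
console.log(JSON.stringify(query, null, 2));
```

Each contributor validates its own input before returning a fragment, so a value of the wrong type is rejected before the composed query exists.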

Good choices, great technology

So that's the story of how MongoDB allowed us to push the performance of ApostropheCMS up, push the complexity of our code down, and welcome our developers to the promised land of writing one language all day. If you have CMS tasks, you can avoid some code switching of your own by using a CMS that's native to your preferred database.

Watch the complete presentation here for more visual representations and storytelling.