-1
In the relational model, when using SQL we have to pay attention to SQL Injection in our application.
At Redis and Mongodb, what precautions should I take when building a database query?
Remembering that I’m using Nodejs, but I think it applies to any language.
1
If you are using PHP, yes, you may suffer from SQL Injection, but the format that is used to write data to Mongodb (BSON) is a format where your query is interpreted as an object and not as a string, so it is free from SQL Injection.
Some other directives can be taken to make a possible SQL Injection as difficult:
1) Place the "security.javascriptEnabled directive in your server-side configuration file"
2) Use "$Where" "db.Eval()" "mapReduce" and "group" commands cautiously as they allow you to run arbitrary javascript
3) Escape in their inputs the operators reserved "$" and "."
4) If you use PHP together with Mongo, you can look at this link with various security tips http://us.php.net/manual/en/mongo.security.php
Reference in http://docs.mongodb.org/manual/faq/developers/#how-does-mongodb-address-sql-or-query-Injection
I hope I’ve helped.
Browser other questions tagged node.js mongodb redis
You are not signed in. Login or sign up in order to post.