Security in queries with Redis, MongoDB and Node.js


-1

In the relational model, when using SQL we have to pay attention to SQL Injection in our application.

In Redis and MongoDB, what precautions should I take when building a database query?

Keep in mind that I'm using Node.js, but I think it applies to any language.

1 answer

1

If you are using PHP, yes, you may suffer from SQL Injection, but the format that is used to write data to MongoDB (BSON) is a format where your query is interpreted as an object and not as a string, so it is free from SQL Injection.

Some other measures can be taken to make a possible SQL Injection more difficult:

1) Place the "security.javascriptEnabled" directive in your server-side configuration file

2) Use the "$where", "db.eval()", "mapReduce" and "group" commands cautiously, as they allow you to run arbitrary JavaScript

3) Escape the reserved operators "$" and "." in your inputs

4) If you use PHP together with Mongo, you can look at this link with various security tips http://us.php.net/manual/en/mongo.security.php

Reference: http://docs.mongodb.org/manual/faq/developers/#how-does-mongodb-address-sql-or-query-Injection

I hope I’ve helped.
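An added example, not part of the original answer: one way to apply point 3 in Node.js before a value from a request body is placed in a MongoDB filter. The function names, field names and sample bodies are constructed for illustration, and the code needs no database or driver to run.

```javascript
'use strict';
// Input checks for MongoDB filters built from request data (illustrative names).

// Return the path of every key that starts with "$" or contains ".",
// walking nested objects and arrays. Values are not inspected, only keys.
function findReservedKeys(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}/${key}` : key;
    if (key.startsWith('$') || key.includes('.')) hits.push(here);
    hits.push(...findReservedKeys(child, here));
  }
  return hits;
}

// Build an equality-only filter: every allowed field must be a plain string,
// so an object such as {"$gt": ""} can never reach the driver as an operator.
function buildUserFilter(body) {
  const bad = findReservedKeys(body);
  if (bad.length > 0) {
    throw new TypeError(`reserved characters in keys: ${bad.join(', ')}`);
  }
  const filter = {};
  for (const field of ['username', 'email']) {
    if (typeof body[field] !== 'string') {
      throw new TypeError(`${field} must be a string`);
    }
    filter[field] = body[field];
  }
  return filter;
}

// Wrap the builder so callers get a result object instead of an exception.
function tryBuild(body) {
  try {
    return { ok: true, filter: buildUserFilter(body) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed request bodies, as a JSON body parser would deliver them.
const plainBody = JSON.parse('{"username":"alice","email":"a@example.com"}');
const operatorBody = JSON.parse('{"username":{"$gt":""},"email":"a@example.com"}');

console.log(tryBuild(plainBody));    // accepted: both fields are strings
console.log(tryBuild(operatorBody)); // rejected: key "username/$gt"
```

The type check matters as much as the key check: a JSON body parser hands the application objects, not only strings, so a field expected to be text has to be verified as text before it is used in a filter.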
