Security in queries with Redis and MongoDB and NodeJs

Question

Security in queries with Redis and MongoDB and NodeJs

Navigation

#1 by (1 votes)

-1

In the relational model, when using SQL we have to pay attention to SQL Injection in our application.

In Redis and MongoDB, what care should I take when building a database query?

Remembering that I'm using NodeJs, but I think it applies to any language.

node.js mongodb redis

asked by anonymous 30.09.2014 / 01:10

1 answer

problem with magento [closed] Insert MYSQL in Web form C # - I can not insert anything

score 1 · Answer 1

If you are using PHP, yes, you may suffer with SQL Injection, however, the format that is used to write data in MongoDB (BSON) is a format where your query is interpreted as an object and not as a string, so it is free of SQL Injection.

Some other policies can be taken to make a SQL Injection possible as:

1) Put in the configuration file on the server side the "security.javascriptEnabled" directive

2) Use with caution the "$ where" "db.eval ()" "mapReduce" and "group" commands as they allow arbitrary javascript to be run

3) Escape the reserved operators "$" and "."

4) If you use PHP together with Mongo, you can look at this link with several security tips link

Reference in link

I hope I have helped.