Security in queries with Redis and MongoDB and NodeJs

-1

In the relational model, when using SQL we have to pay attention to SQL Injection in our application.

In Redis and MongoDB, what care should I take when building a database query?

Remembering that I'm using NodeJs, but I think it applies to any language.

    
asked by anonymous 30.09.2014 / 01:10

1 answer

1
If you are using PHP, yes, you may suffer from SQL injection. However, the format used to write data in MongoDB (BSON) is one in which your query is interpreted as an object and not as a string, so it is free of SQL injection.

Some other policies can be taken to make a SQL injection possible, such as:

1) Put in the configuration file on the server side the "security.javascriptEnabled" directive

2) Use with caution the "$where", "db.eval()", "mapReduce" and "group" commands, as they allow arbitrary JavaScript to be run

3) Escape the reserved operators "$" and "."

4) If you use PHP together with Mongo, you can look at this link with several security tips link

Reference in link

I hope I have helped.

    
07.10.2014 / 05:06
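An added example, not part of the original answer: one way to handle point 3 in NodeJs is to refuse any user-supplied object whose keys start with "$" or contain "." before it reaches a MongoDB filter. This rejects input rather than escaping it. The function names and sample request bodies are hypothetical and constructed for illustration; no database driver is used.

```javascript
// A key is reserved for MongoDB when it starts with "$" (operator)
// or contains "." (path into a nested field).
function isReservedKey(key) {
  return key.startsWith('$') || key.includes('.');
}

// Walk a value parsed from user input (objects and arrays, any depth)
// and return the paths of all reserved keys found.
function findReservedKeys(value, path = '') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}/${key}` : key;
    if (isReservedKey(key)) hits.push(here);
    hits.push(...findReservedKeys(child, here));
  }
  return hits;
}

// Build the filter for a lookup by username (hypothetical field name).
// Only a plain string is accepted, so an object such as
// {"$where": "..."} can never become part of the query.
function buildUserFilter(body) {
  const bad = findReservedKeys(body);
  if (bad.length > 0) {
    throw new Error(`reserved keys in input: ${bad.join(', ')}`);
  }
  if (typeof body.username !== 'string') {
    throw new TypeError('username must be a string');
  }
  return { username: body.username };
}

// Constructed sample request bodies, as a JSON body parser would produce them.
const okBody = JSON.parse('{"username": "alice"}');
const operatorBody = JSON.parse('{"username": {"$where": "constructed"}}');
const dottedBody = JSON.parse('{"username": "alice", "profile.role": "admin"}');

for (const body of [okBody, operatorBody, dottedBody]) {
  try {
    console.log('accepted:', JSON.stringify(buildUserFilter(body)));
  } catch (err) {
    console.log('rejected:', err.message);
  }
}
```

The type check matters as much as the key check: a value that arrives as an array or object without reserved keys is still refused because it is not a string.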