
Mongodb security in node.js


There is a specific issue for Node.js, MongoDB (and some other NoSQL databases that heavily use JavaScript): server-side JavaScript injection. Look here and here (pdf) for details. It is more like SQL injection than XSS.

In short, that is when an attacker sends JavaScript to your Node.js or MongoDB when you're expecting just JSON. So theoretically a bad guy can bring your service down (DoS), access your data and even the filesystem.

To prevent such attacks you have to:

  1. Avoid creating "ad-hoc" JavaScript commands by concatenating script with user input.
  2. Validate user input used in SSJS commands with regular expressions.
  3. Avoid use of the JavaScript eval command. In particular, when parsing JSON input, use a safer alternative such as JSON.parse.
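The three points above applied to a Node.js request handler that builds a MongoDB filter from an untrusted body, as an added example that is not part of the original answer. The `$where` anti-pattern, the field name `username` and the allow-list regex are assumptions chosen for illustration; no database connection is needed because the functions only build and validate the filter document.

```javascript
// Added example (not from the original post). Contrast between the concatenation
// anti-pattern the answer warns about and a handler that follows its three rules.

// Anti-pattern (point 1): splicing the raw value into a $where string hands the
// database a script to evaluate. Shown only so the safe version can be compared.
function unsafeWhereClause(username) {
  return { $where: "this.username === '" + username + "'" };
}

// Point 3: parse the body with JSON.parse, never eval. Anything that is not
// valid JSON, or not a JSON object, is rejected instead of being executed.
function parseBody(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (e) {
    return { ok: false, error: 'body is not valid JSON' };
  }
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, error: 'body must be a JSON object' };
  }
  return { ok: true, body };
}

// Point 2: allow-list the shape of each field with a regular expression before
// it reaches any query. Assumed policy: 3-32 letters, digits or underscores.
const USERNAME_RE = /^[A-Za-z0-9_]{3,32}$/;

// Point 1: build the filter as a plain document, not as a script string. The
// value is then only ever compared as a string and is never interpreted as
// code. A non-string value (for example a nested object) fails the type check
// rather than being forwarded to the database.
function buildUserFilter(rawBody) {
  const parsed = parseBody(rawBody);
  if (!parsed.ok) return parsed;
  const { username } = parsed.body;
  if (typeof username !== 'string' || !USERNAME_RE.test(username)) {
    return { ok: false, error: 'invalid username' };
  }
  return { ok: true, filter: { username } };
}

// Constructed sample bodies for a local run.
console.log(JSON.stringify(buildUserFilter('{"username":"alice_01"}')));
console.log(JSON.stringify(buildUserFilter('{"username":"alice; x()"}')));
console.log(JSON.stringify(buildUserFilter("{username: 'alice'}"))); // not JSON
```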