How does MongoDB avoid the SQL injection mess?

+2 votes

How does MongoDB avoid the SQL injection mess? Is it just by nature of this query syntax?

posted Apr 27, 2016 by Shivam Kumar Pandey


1 Answer

+1 vote

MongoDB avoids the potential for problems by not parsing.

Any API, anywhere, that involves encoding user data in formatted text that gets parsed has the potential for the caller and callee to disagree on how that text should be parsed. These disagreements can be security issues when data is misinterpreted as metadata. This is true whether you're talking about printf format strings, including user generated content in HTML, or generating SQL.

Since MongoDB doesn't parse structured text to figure out what to do, there is no possibility of misinterpreting user input as instructions, and hence no possible security hole.

answer Apr 27, 2016 by Devendra Bohre
Thanks Dev!!
thanks pandey ji
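
The contrast the answer draws between parsed text and structured data, as an added example that is not part of the original answer. It assumes Python's built-in `sqlite3` for the SQL side and a plain dict for the MongoDB-style query document; the table, the sample rows, `HOSTILE` and the `match` helper are constructed stand-ins, and no MongoDB driver is used.

```python
import sqlite3

# Constructed sample data and input, for illustration only.
ROWS = [{"name": "alice"}, {"name": "bob"}]
HOSTILE = "x' OR '1'='1"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [(r["name"],) for r in ROWS])
    return db

def lookup_concat(db, name):
    # Vulnerable form: user data is pasted into text that the SQL parser
    # then reads, so a quote in the data can end the string literal and
    # the rest is interpreted as query syntax (data read as metadata).
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, name):
    # Hardened form: the statement text is fixed and the value is bound
    # separately, so the parser never sees the user data.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def mongo_filter(name):
    # MongoDB-style query: a document (dict here), not formatted text.
    # The value sits in its own field; nothing re-parses it as syntax.
    # Requiring a plain string keeps it a value: a nested object in this
    # position would become part of the query document itself.
    if not isinstance(name, str):
        raise TypeError("name must be a string")
    return {"name": name}

def match(doc_filter, rows):
    # Hypothetical stand-in for equality matching against a collection.
    return [r["name"] for r in rows
            if all(r.get(k) == v for k, v in doc_filter.items())]

if __name__ == "__main__":
    db = make_db()
    print("concatenated SQL:", lookup_concat(db, HOSTILE))
    print("parameterized SQL:", lookup_param(db, HOSTILE))
    print("query document:", match(mongo_filter(HOSTILE), ROWS))
```
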