
How to Avoid MongoDB Hash-Injection Attacks


We've heard some tips on keeping MongoDB secure recently, but here's a look at how to deal with one specific vulnerability: hash-injection attacks. This recent article from Conrad Irwin covers MongoDB's vulnerability to hash-injection attacks, especially when working with a framework like Rails, or potentially PHP or Node.js's Express. The vulnerability, according to Irwin, is something akin to SQL injection (unsavory characters could pretty easily set themselves up as admins, for example) and could lead to a number of problems. For instance:

  • Authentication bypass
  • Denial of service
  • Data leakage

Irwin's post can help you fix it, though. For Rails users he suggests his mongoid-rails gem, and for others he provides a slightly less graceful, but hopefully still effective, alternative. Check out Irwin's full post for details on what to watch out for and how to keep your MongoDB secure.
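One way to guard against this class of bug, as an added example that is not taken from Irwin's post or the mongoid-rails gem: it assumes the problem arises when a framework parses request parameters into a Hash that then reaches a MongoDB query as a value. All function, field and parameter names below are hypothetical, and the sample inputs are constructed.

```ruby
# Added example: force request parameters to plain strings before they are
# used as MongoDB query values. Names and sample data are hypothetical.

class UnsafeParameter < ArgumentError; end

# Return params[key] only if it is a String. A Hash or Array here means the
# client sent nested parameters that the framework parsed into a structure
# the database driver could interpret as query operators.
def scalar_param(params, key, max_len: 256)
  value = params[key.to_s]
  raise UnsafeParameter, "#{key}: missing" if value.nil?
  unless value.is_a?(String)
    raise UnsafeParameter, "#{key}: expected String, got #{value.class}"
  end
  raise UnsafeParameter, "#{key}: too long" if value.length > max_len
  value
end

# Build a query document from an allow-list of fields, each forced to scalar.
def build_query(params, allowed_fields)
  allowed_fields.each_with_object({}) do |field, query|
    query[field.to_s] = scalar_param(params, field)
  end
end

# Recursively list operator-style keys (leading "$") for logging or alerting.
def operator_keys(value, path = [])
  case value
  when Hash
    value.flat_map do |k, v|
      here = path + [k.to_s]
      (k.to_s.start_with?("$") ? [here.join(".")] : []) + operator_keys(v, here)
    end
  when Array
    value.each_with_index.flat_map { |v, i| operator_keys(v, path + [i.to_s]) }
  else
    []
  end
end

# Constructed sample inputs, shaped like parsed request parameters.
BENIGN = { "email" => "a@example.com", "token" => "s3cr3t" }.freeze
NESTED = { "email" => "a@example.com", "token" => { "$gt" => "" } }.freeze
```

`build_query` raises `UnsafeParameter` for `NESTED` instead of passing the nested Hash to the database, and `operator_keys` gives a path that can be logged for detection.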
