
How to Avoid MongoDB Hash-Injection Attacks


We've heard some tips on keeping MongoDB secure recently, but here's a look at how to deal with one specific vulnerability: hash-injection attacks. A recent article from Conrad Irwin covers MongoDB's vulnerability to hash-injection attacks, especially when working with a framework like Rails, or potentially PHP or Node.js's Express. The vulnerability, according to Irwin, is something akin to SQL injection (unsavory characters could pretty easily set themselves up as admins, for example) and could lead to a number of problems. For instance:

  • Authentication bypass
  • Denial of service
  • Data leakage

Irwin's post can help you fix it, though. For Rails users he suggests his mongoid-rails gem, and for others he provides a slightly less graceful, but hopefully still effective, alternative. Check out Irwin's full post for details on what to watch out for and how to keep your MongoDB secure.
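As an added illustration (not code from Irwin's post or from the mongoid-rails gem), here is a minimal Ruby guard that refuses request parameters the framework has parsed into a Hash or Array before they reach a MongoDB selector, and reports any `$`-prefixed keys for logging. It assumes a Rails-style parser that turns bracketed parameter names into nested hashes; `ParamGuard` and its methods are hypothetical names, and the sample inputs are constructed.

```ruby
# Added example: strict scalar checking for parameters used in MongoDB selectors.
# ParamGuard, scalar!, operator_keys and token_selector are hypothetical names.
module ParamGuard
  class UnsafeParam < StandardError; end

  # Return the parameter only if it is a plain String. A Hash or Array here
  # means the framework parsed a bracketed parameter name into a structure,
  # which a MongoDB driver would treat as part of the query, not as a value.
  def self.scalar!(params, key)
    value = params[key]
    unless value.is_a?(String)
      raise UnsafeParam, "#{key} must be a string, got #{value.class}"
    end
    value
  end

  # Walk a parsed parameter tree and list the dotted paths of every key that
  # starts with "$" (the prefix MongoDB uses for query operators).
  # Intended for logging and alerting on rejected requests.
  def self.operator_keys(value, path = [])
    case value
    when Hash
      value.flat_map do |k, v|
        here = path + [k.to_s]
        hit = k.to_s.start_with?("$") ? [here.join(".")] : []
        hit + operator_keys(v, here)
      end
    when Array
      value.each_with_index.flat_map { |v, i| operator_keys(v, path + [i.to_s]) }
    else
      []
    end
  end

  # Build the selector from a validated scalar only.
  def self.token_selector(params)
    { "token" => scalar!(params, "token") }
  end
end

# Constructed sample inputs (already-parsed request parameters).
BENIGN = { "token" => "3f9a1c" }            # plain string value
NESTED = { "token" => { "$op" => "x" } }    # "$op" is a placeholder operator key

if __FILE__ == $PROGRAM_NAME
  p ParamGuard.token_selector(BENIGN)
  p ParamGuard.operator_keys(NESTED)
end
```

Rejecting the request is stricter than calling `to_s` on the value, and it gives you a clear event to log when a structured parameter turns up where a string was expected.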
