For, say, a MySQL database there are known security issues. How does this apply to a NoSQL DB, e.g. injections, XSS, etc.? What security measures do you have to take when using a NoSQL DB? Specifically regarding MongoDB (with node-mongodb-native) and Node.js (using Express).
And if so, are there any modules for Node/Express that help in preventing this?
TLS/SSL Encryption. Network encryption is available with MongoDB. This allows you to protect your database and communications through an industry-standard encryption methodology. TLS/SSL relies on X.509 certificates, which clients can also use to authenticate their identities.
The MongoDB Node.js driver makes using MongoDB with Node.js a seamless experience. The driver automatically maps JavaScript objects to BSON documents, meaning that developers can easily work with their data.
The Node.js platform is inherently secure, but because it uses third-party open source packages through its package management system (npm), it is vulnerable to cyber attacks. Companies must implement best practices like those outlined in this article to maintain the security of Node.js.
Overview. The Custom JWT authentication provider allows users to authenticate with an authentication system that is independent from Atlas App Services. The external system must return a signed JSON Web Token that contains a unique ID value for the authenticated user.
There is a specific issue for Node.js, MongoDB (and some other NoSQL databases that heavily use JavaScript): server-side JavaScript injection. Look here and here (pdf) for details. It is more like SQL injection than XSS.
In short, that is when an attacker sends JavaScript to your Node.js or MongoDB when you're expecting just JSON. So theoretically a bad guy can bring your service down (DoS), access your data and even the filesystem.
To prevent such attacks you have to:
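The injection described in the answer above, seen from the defending side, as an added example that is not part of the original answer: untrusted JSON is scanned for MongoDB operator keys (such as `$where`, which takes a JavaScript expression) before it can reach a query, and query filters are built from scalars only. All function names and sample inputs are hypothetical; the middleware only follows Express's `(req, res, next)` shape and needs no packages.

```javascript
// Added example: keep MongoDB operator keys in untrusted JSON away from the
// query layer. All names are hypothetical; no packages are required.

// Recursively collect paths of keys that start with "$" or contain ".",
// i.e. keys MongoDB would read as operators or as nested-field paths.
function findOperatorKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith("$") || key.includes(".")) hits.push(here);
    hits.push(...findOperatorKeys(child, here));
  }
  return hits;
}

// Middleware with Express's (req, res, next) shape: answer 400 when the
// body, query string or route params carry operator keys.
function rejectOperators(req, res, next) {
  for (const part of ["body", "query", "params"]) {
    const keys = findOperatorKeys(req[part]);
    if (keys.length > 0) {
      return res.status(400).json({ error: "operator keys not allowed", part, keys });
    }
  }
  return next();
}

// Build the filter from scalars only: a field that arrives as an object
// (for example {"$ne": null}) is refused instead of being passed through.
function buildUserFilter(body) {
  const { username } = body || {};
  if (typeof username !== "string" || username.length === 0) {
    throw new TypeError("username must be a non-empty string");
  }
  return { username };
}

// Constructed sample inputs (not taken from the original page).
const benignBody = { username: "alice" };
const hostileBody = { username: { $ne: null }, $where: "<javascript expression>" };

console.log(findOperatorKeys(benignBody));   // no operator keys
console.log(findOperatorKeys(hostileBody));  // operator keys with their paths
```

The type check in `buildUserFilter` still matters when the middleware is in place, because it also stops arrays and other non-string values that contain no `$` keys.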