I am very new to node.js and mongodb. I have a page getting query strings with
var queries = url.parse(req.url,true).query;
and I write them into database using mongoskin module. Do I have to do something against sql injection?
Asked
Active
Viewed 306 times
1 Answers
2
http://docs.mongodb.org/manual/faq/developers/#how-does-mongodb-address-sql-or-query-injection
You don't need to worry about traditional SQL Injection in MongoDB or any kind of query injection with the code you have above. Only these commands:
- $where
- db.eval()
- mapReduce
- group
will allow execution of JavaScript and would be unsafe if using user-provided data.
Explosion Pills
- 188,624
- 52
- 326
- 405