Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-4322

MongoDB Query Injection related question/queries

XMLWordPrintableJSON

    • Type: Icon: Question Question
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 1.9.0
    • Component/s: Security
    • None
    • Environment:
      Windows/Linux/Freebsd

      1. While there are API's for MongoDB that support a number of development platforms, none of these appears to support the notion of bind variable support to escape query language meta-characters that may be embedded in user-supplied data. An API enhancement that offers support for parameterized queries (A.K.A. "prepared statements") would be a welcome enhancement.

            Assignee:
            Unassigned Unassigned
            Reporter:
            saurabhdave Saurabh Dave
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: