Questions tagged [nosql]

A NoSQL (Non SQL) database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in traditional relational databases.

22 questions
28 votes, 3 answers

How to secure a MongoDB instance?

Does anybody have experience with securing/hardening MongoDB server? Check lists or guides would be welcome.
AaronS
22 votes, 4 answers

What type of attacks can be used vs MongoDB?

I'm starting to learn MongoDB and was curious if it was susceptible to some type of injection attack similar to SQLi. Due to the nature of the DB, I don't think you can inject into it but... What other type of attacks can be leveraged against…
Digital fire
14 votes, 2 answers

Is the injection in a NoSQL database architecture also called SQL injection?

Is the injection in a NoSQL database architecture also called SQL injection and is it still part of the OWASP 2013 Top 10, category A1 Injection? For example, an injection in code that communicates with the following database architectures: Hadoop…
Bob Ortiz
11 votes, 2 answers

MongoDB Nosql injection in python code

Here is the code snippet for accessing MongoDB. client = MongoClient() db = client.test_database collection = db.test # Get data from fields condition = form.getvalue('name') if condition: where = {"$where": "this.name == '"+condition+"'"…
Yang Yu
11 votes, 2 answers

Encrypting with Mongo

How can I achieve the following goals? All compute and storage to be located in the cloud. Encryption in transit of all data between web nodes and db nodes running MongoDB. How to set up tunnels? Which protocols/tools? Encryption at rest of all…
yfeldblum
9 votes, 1 answer

What data structure would/have you used to store ACLs within a hybrid ACL/RBAC system?

In our system, every resource has an access control list (ACL), which lists entries (ACEs) that have a specific kind of access to that resource. The ACE can be for end-entities (e.g. users like "Mr Q") or group entities (e.g. "North Atlantic"); the…
Cat Nap
5 votes, 2 answers

How secure is MongoDB wire protocol?

I'm building a JavaFX 2.0 standalone application (it'll be distributed as an .exe) and it opens a connection to a MongoDB instance. The connection is just a standard Mongo connection using the Mongo wire protocol. Is the Mongo wire protocol secure…
Jon Onstott
5 votes, 2 answers

Security of NoSQL databases

Hopefully this isn't too broad. I've got little experience with NoSQL databases, but I know that they are rising in popularity. As a developer that is extremely concerned with security, I'm wondering, in general, what the pros and cons are from a…
David Stratton
5 votes, 0 answers

MongoDB injection, reading and writing to files

I've been playing around with Nosql and specifically MongoDB injection on a few challenges and my lab. If you have an injection point you can easily enumerate and dump the database. But can you go beyond that, like the many things you can do with a…
Juicy
4 votes, 1 answer

How to test for NoSQL injections?

How to test for NoSQL injections? Considering that the structure (or actually the non-structure) of NoSQL databases is very different from structured databases like MySQL, MSSQL or PostgreSQL. Are there known tools, payload lists, tricks or other…
Bob Ortiz
3 votes, 1 answer

What are some of the worst DBMS for financial software, and why?

There seems to be an explosion of new databases, especially in the non-relational and "NotOnly SQL" offerings. How does this database fad affect data integrity and security? What are some ways that programmers can hang themselves by not…
rook
3 votes, 1 answer

In-Memory Database Storage and Security (MemSQL, Spark, Redis, Geode, et al)

There is a growing trend to utilize more In-Memory Storage for a wide variety of use cases from big data analytics (Spark) to faster processing power (MemSQL) to caching (Redis) most frequently accessed data before making a trip to disk based RDBMS.…
Dereksurfs
2 votes, 1 answer

What are Security Practices for NoSql databases

I want to know what are the best practices to secure NoSql database like MongoDB. How is it possible? Any tips?
2 votes, 1 answer

Is it critical that REST API returns exactly the same content as it is in NoSQL database?

In the past, I've been taught that database schema is crucial and should not be exposed in any way so that users cannot inject the system and steal something from it. However, most of the cases I've heard are all about login functions that a hacker…
user1802604
1 vote, 0 answers

Kusto to Osquery translator?

Osquery is a great open standard for collecting data from endpoints, using SQL syntax. Kusto is a new Microsoft language for collecting data from Windows endpoints, using syntax which is almost--but not entirely--unlike SQL. Microsoft is publishing…
user502