Highest Voted 'nosql' Questions - IT Security Stack Exchange

28

votes

3 answers

How to secure a MongoDB instance?

Does anybody have experience with securing/hardening MongoDB server? Check lists or guides would be welcome.

asked Sep 27 '11 at 11:26

AaronS

2,575
5
22
26

22

votes

4 answers

What type of attacks can be used vs MongoDB?

I'm starting to learn MongoDB and was curious if it was susceptible to some type of injection attack similar to SQLi. Due to the nature of the DB, I don't think you can inject into it but... What other type of attacks can be leveraged against…

attacks sql-injection databases nosql mongodb

asked Nov 07 '12 at 16:08

Digital fire

3,126
5
31
44

14

votes

2 answers

Is the injection in a NoSQL database architecture also called SQL injection?

Is the injection in a NoSQL database architecture also called SQL injection and is it still part of the OWASP 2013 Top 10, category A1 Injection? For example, an injection in code that communicates with the following database architectures: Hadoop…

sql-injection terminology owasp-top-ten nosql

asked Jun 22 '16 at 08:45

Bob Ortiz

6,234
8
43
90

11

votes

2 answers

MongoDB Nosql injection in python code

Here is the code snippet for accessing to MongoDB. client = MongoClient() db = client.test_database collection = db.test # Get data from fields condition = form.getvalue('name') if condition: where = {"$where": "this.name == '"+condition+"'"…

penetration-test injection python mongodb nosql

asked Mar 06 '15 at 23:35

Yang Yu

439
3
5
12

11

votes

2 answers

Encrypting with Mongo

How can I achieve the following goals? All compute and storage to be located in the cloud. Encryption in transit of all data between web nodes and db nodes running MongoDB. How to set up tunnels? Which protocols/tools? Encryption at rest of all…

encryption key-management databases mongodb nosql

asked Apr 11 '11 at 16:10

yfeldblum

2,807
20
13

9

votes

1 answer

What datastructure would/have you used to store ACLs within a hybrid ACL/RBAC system?

In our system, every resource has an access control list (ACLs), which list entries (ACEs) that have a specific kind of access to that resource. The ACE can be for end-entities (eg: users like "Mr Q") or group entities (eg: "North Atlantic"); the…

access-control authorization rbac nosql

asked Dec 24 '13 at 21:01

Cat Nap

101
3

5

votes

2 answers

How secure is MongoDB wire protocol?

I'm building a JavaFX 2.0 standalone application (it'll be distributed as an .exe) and it opens a connection to a MongoDB instance. The connection is just a standard Mongo connection using the Mongo wire protocol. Is the Mongo wire protocol secure…

tls java databases nosql mongodb

asked Oct 22 '13 at 16:13

Jon Onstott

155
7

5

votes

2 answers

Security of NoSQL databases

Hopefully this isn't too broad. I've got little experience with NoSQL databases, but I know that they are rising in popularity. As a developer that is extremely concerned with security, I'm wondering, in general, what the pros and cons are from a…

known-vulnerabilities databases nosql

asked Jan 01 '13 at 20:01

David Stratton

2,646
2
20
36

5

votes

0 answers

MongoDB injection, reading and writing to files

I've been playing around with Nosql and specifically MongoDB injection on a few challenges and my lab. If you have an injection point you can easily enumerate and dump the database. But can you go beyond that, like the many things you can do with a…

injection mongodb nosql

asked Oct 15 '15 at 10:47

Juicy

1,407
4
16
31

4

votes

1 answer

How to test for NoSQL injections?

How to test for NoSQL injections? Considering that the structure (or actually the non-structure) of NoSQL databases is very different from structured databases like MySQL, MSSQL or PostgreSQL. Are their known tools, payload lists, tricks or other…

penetration-test databases injection automated-testing nosql

asked Mar 16 '17 at 20:36

Bob Ortiz

6,234
8
43
90

3

votes

1 answer

What are some of the worst DBMS for finical software, and why?

There seems to be an explosion of new databases, especially in the non-relational and "NotOnly SQL" offerings. How does this database fad affect data integrity and security? What are some ways that programmers can hang themselves by not…

nosql databases

asked Jan 11 '13 at 18:59

rook

46,916
10
92
181

3

votes

1 answer

In-Memory Database Storage and Security (MemSQL, Spark, Redis, Geode, et al)

There is a growing trend to utilize more In-Memory Storage for a wide variety of use cases from big data analytics (Spark) to faster processing power (MemSQL) to caching (Redis) most frequently accessed data before making a trip to disk based RDBMS.…

memory fips caching nist nosql

asked Jan 16 '17 at 00:01

Dereksurfs

31
3

2

votes

1 answer

What are Security Practices for NoSql databases

I want to know what are the best practices to secure NoSql database like MongoDB. How is it possible? Any tips?

nosql mongodb

asked Mar 07 '13 at 08:52

Ganesh Kunwar

131
5

2

votes

1 answer

Is it critical that REST API returns exactly the same content as it is in NoSQL database?

In the past, I've been taught that database schema is crucial and should not be exposed in any way so that users cannot inject the system and steal something from it. However, most of the cases I've heard are all about login functions that a hacker…

injection nosql

asked Jul 31 '18 at 09:40

user1802604

143
4

1

vote

0 answers

Kusto to Osquery translator?

Osquery is a great open standard for collecting data from endpoints, using SQL syntax. Kusto is a new Microsoft language for collecting data from Windows endpoints, using syntax which is almost--but not entirely--unlike SQL. Microsoft is publishing…

detection end-points nosql

asked Aug 26 '22 at 13:11

user502

3,261
1
22
18

Questions tagged [nosql]