Preventing NoSQL injection
Preventing NoSQL injection
The appropriate way to prevent NoSQL injection attacks depends on the specific NoSQL technology in use. As such, we recommend reading the security documentation for your NoSQL database of choice. That said, the following broad guidelines will also help:
Sanitize and validate user input, using an allowlist of accepted characters.
Insert user input using parameterized queries instead of concatenating user input directly into the query.
To prevent operator injection, apply an allowlist of accepted keys.
Last updated