OWASP / SecurityShepherd

Web and mobile application security training platform
https://owasp.org/www-project-security-shepherd/
GNU General Public License v3.0

Mongo DB SqlInjection #124

Closed markdenihan closed 9 years ago

markdenihan commented 9 years ago

The interesting part of this level will be the change of syntax. Going to look into delivering it with a Java Servlet Controller rather than a NodeJS one - that way we don't need another application server just yet.

markdenihan commented 9 years ago

Spoke with Paul. Turns out MongoDB Injection presents new risks to that of MySQL. We'll have to figure out new protections to prevent these attacks. Pushing out to 2.5

ismisepaul commented 9 years ago

Level is good to go but yeah there's some concerns around security and needs further investigation before we release:

https://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf
https://www.owasp.org/index.php/Testing_for_NoSQL_injection
http://docs.mongodb.org/manual/faq/developers/#how-does-mongodb-address-sql-or-query-injection
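Added illustration (not code from the Security Shepherd project) of the "change of syntax" and the new risk discussed above: a MongoDB filter document accepts operator objects where a MySQL parameter took a scalar, so a login handler that forwards parsed JSON unchanged lets a caller express a condition instead of a credential. The in-memory matcher, the sample users and the request bodies are constructed stand-ins for a real collection; the hardened handler and the `$`-key check show the type-validation and detection points a servlet should apply before the filter is built.

```python
import json
from typing import Any, Dict, List

# Constructed stand-in for a MongoDB "users" collection (no real database involved).
USERS: List[Dict[str, Any]] = [
    {"username": "alice", "password": "s3cret"},
    {"username": "bob", "password": "hunter2"},
]


def matches(doc: Dict[str, Any], criteria: Dict[str, Any]) -> bool:
    """Tiny subset of MongoDB filter semantics: plain equality and the $ne operator."""
    for field, cond in criteria.items():
        value = doc.get(field)
        if isinstance(cond, dict):  # an operator object such as {"$ne": ""}
            for op, arg in cond.items():
                if op != "$ne":
                    raise ValueError(f"unsupported operator {op}")
                if value == arg:
                    return False
        elif value != cond:
            return False
    return True


def find_usernames(criteria: Dict[str, Any]) -> List[str]:
    return [d["username"] for d in USERS if matches(d, criteria)]


def login_vulnerable(body: str) -> List[str]:
    """Parsed JSON values go straight into the filter, so an object is accepted where a string was expected."""
    req = json.loads(body)
    return find_usernames({"username": req["username"], "password": req["password"]})


def has_operator_keys(obj: Any) -> bool:
    """True if any key anywhere in the parsed request starts with '$' (worth logging as an injection probe)."""
    if isinstance(obj, dict):
        return any(k.startswith("$") or has_operator_keys(v) for k, v in obj.items())
    if isinstance(obj, list):
        return any(has_operator_keys(v) for v in obj)
    return False


def login_hardened(body: str) -> List[str]:
    """Type-check inputs before they reach the filter, so only string equality can be expressed."""
    req = json.loads(body)
    username, password = req.get("username"), req.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise ValueError("credentials must be plain strings")
    return find_usernames({"username": username, "password": password})
```

With the vulnerable handler a body whose two fields are `{"$ne": ""}` matches every user; the hardened handler rejects the same body before any query is built.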

ismisepaul commented 9 years ago

Okay I've tried a couple of things here, as far as I can see enough is being done (I may eat those words...)

Anyway I'm closing and will continue to keep an eye on the NoSQL injection research

markdenihan commented 9 years ago

Great work @ismisepaul