Since we provide a database interface to the public, I was worried about data security through the query expression. The main idea is to perform query expression pre-validation before it goes to the database. That will prevent people from accidentally or purposely messing up the database. But I am not a MongoDB expert, so I am not sure about this problem. I notice that we already have several validation modules in the source tree but haven't really implemented them.
Therefore, so far I think doing some simple data validation is enough to address this requirement. And as long as we separate the function out, we can always keep improving it later.
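One way to implement the pre-validation described above as a separate function, shown as an added example that is not the project's own code. The names `validate_query`, `is_safe_query` and `QueryRejected`, the operator allowlist, and the depth and list limits are all assumptions; the input is an already-decoded query document (a Python dict).

```python
# Added example (not project code). Allowlist and limits are assumed values.
ALLOWED_OPERATORS = frozenset({
    "$eq", "$ne", "$gt", "$gte", "$lt", "$lte",
    "$in", "$nin", "$and", "$or", "$not", "$exists",
})
MAX_DEPTH = 6        # assumed cap on nesting
MAX_LIST_LEN = 100   # assumed cap on $in / $or list length
SCALARS = (str, int, float, bool, type(None))


class QueryRejected(ValueError):
    """Raised when a query expression fails pre-validation."""


def validate_query(node, depth=0, path="query"):
    """Walk a decoded query document; raise QueryRejected on a violation."""
    if depth > MAX_DEPTH:
        raise QueryRejected(f"{path}: nested deeper than {MAX_DEPTH}")
    if isinstance(node, dict):
        for key, value in node.items():
            if not isinstance(key, str) or not key or "\x00" in key:
                raise QueryRejected(f"{path}: invalid key {key!r}")
            # Anything starting with "$" is an operator. Operators outside the
            # allowlist (for example $where, which runs JavaScript on the
            # server) are refused rather than enumerated in a denylist.
            if key.startswith("$") and key not in ALLOWED_OPERATORS:
                raise QueryRejected(f"{path}: operator {key!r} not allowed")
            validate_query(value, depth + 1, f"{path}.{key}")
    elif isinstance(node, list):
        if len(node) > MAX_LIST_LEN:
            raise QueryRejected(f"{path}: list longer than {MAX_LIST_LEN}")
        for i, item in enumerate(node):
            validate_query(item, depth + 1, f"{path}[{i}]")
    elif not isinstance(node, SCALARS):
        raise QueryRejected(f"{path}: type {type(node).__name__} not allowed")


def is_safe_query(query):
    """Return True only if the top level is a dict and the whole tree passes."""
    if not isinstance(query, dict):
        return False
    try:
        validate_query(query)
    except QueryRejected:
        return False
    return True
```

Because the check is an allowlist, extending it later means adding operators to `ALLOWED_OPERATORS` rather than chasing new ones to block.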