Closed Atterratio closed 5 years ago
@Atterratio Can you clarify the question please?
Is there protection from db injecting model fields? That is, I would be able to enter in the fields the data received from users without worrying about self-protection from db injections. Is there a tool in the library (or maybe there is such a tool in the driver) that allows you to wrap the string that came from the user and guarantee the absence of db injections? It's useful for example for clean Cypher queries. No idea how to write it more clearly.
He’s trying to escape user input
On Nov 30, 2018, at 9:24 AM, Atterratio notifications@github.com wrote:
Is there protection from db injecting model fields? That is, I would be able to enter in the fields the data received from users without worrying about self-protection from db injections. Is there a tool in the library (or maybe there is such a tool in the driver) that allows you to wrap the string that came from the user and guarantee the absence of db injections? It's useful for example for clean Cypher queries. No idea how to write it more clearly.
Thank you for the clarification @seanjdunn85, @Atterratio.
No. At the moment, neomodel does not check user input for that.
While I have not tested this myself on neomodel, I can see how it could be possible to craft a string input that, if used in the right way in a Cypher query, could cause trouble.
I wonder if it would be possible for you to:
Either of these would be beneficial for advancing the project, either in terms of planning or actual features.
All the best
Are there any integrated injection protection fields? Injection protection for Cypher queries? Or a utility for quickly adding protection to received data?
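
For the raw Cypher case asked about in this thread, user values can be passed as query parameters (`$value`) instead of being formatted into the query text, and anything that cannot be a parameter (labels, property keys) can be checked against an allow-list. This is an added example, not code from the thread or from neomodel; the helper names and the allow-listed schema are hypothetical.

```python
import re

# Labels and property keys cannot be Cypher parameters, so they are checked
# against a fixed allow-list (hypothetical schema for this example).
ALLOWED_LABELS = {"Person", "Company"}
ALLOWED_PROPERTIES = {"name", "email"}
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def unsafe_query(name):
    """Anti-pattern: user text becomes part of the query string itself."""
    return "MATCH (n:Person) WHERE n.name = '%s' RETURN n" % name


def safe_query(label, prop, value):
    """Return (query, params): identifiers allow-listed, value sent as $value."""
    if label not in ALLOWED_LABELS or not _IDENT.fullmatch(label):
        raise ValueError("label not allowed: %r" % (label,))
    if prop not in ALLOWED_PROPERTIES or not _IDENT.fullmatch(prop):
        raise ValueError("property not allowed: %r" % (prop,))
    # Only vetted identifiers are formatted in; the user value never is.
    query = "MATCH (n:%s) WHERE n.%s = $value RETURN n" % (label, prop)
    return query, {"value": value}


if __name__ == "__main__":
    user_input = "O'Brien"  # constructed sample input containing a quote

    # The quote ends the string literal early, so the query text is now
    # shaped by the user's data.
    print(unsafe_query(user_input))

    # The query text is constant; the value travels separately as data.
    query, params = safe_query("Person", "name", user_input)
    print(query, params)

    # With neomodel installed, the pair would be passed as:
    #   from neomodel import db
    #   results, meta = db.cypher_query(query, params)
```
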