Organizational Research By

Surprising Reserch Topic

security concerns while using mongodb php driver using -'php,security,mongodb'


security concerns while using mongodb php driver  using -'php,security,mongodb'

I have experiences with securing sql injections on MYSQL, but what should I be careful on MongoDB using php driver? In most of the pages I get data via GET/POST and searching/inserting the system. I search via UDID / other fields, and can insert any string value. Also I get user's cookies via javascript.


So when GET/POST, I'm adding to each variable htmlentities function?
What would replace mysql_real_escape_string? Should I use it?


So, for example, when doing

$download = array( 'url' => $_GET['url'] );

$downloads->insert($download);


Is this OK?


Is there a way to check if a string is really a UID?
Any think else I should be aware when using MongoDB and PHP? I do get my cookies using javascript, and searching in my DB using the cookies. What about that?

    
asked Sep 7, 2015 by rajesh
0 votes
5 views



Related Hot Questions



Government Jobs Opening


...