Obviously Mongo isn't vulnerable to the sorts of injection that haul sensitive data off SQL databases all day, every day. However, SQL injection attacks raise a significant and broad security question: why do application servers have access to sensitive data that they don't need?

Proposal:
- Allow the user to declare a database key as "write only"
- Queries against this key behave as normal
- Optionally raise an error or return null on attempts to read the restricted key

This would create a strong layer of security around data such as passwords that must be written and compared but never ever read.
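
A small in-memory model of the three behaviours proposed above, added here as an illustration; it is not MongoDB code or an existing MongoDB feature. The class name, the `on_read` option, the rule that an explicit projection counts as a read attempt, and the sample document are all assumptions.

```python
class WriteOnlyReadError(Exception):
    """Raised when a restricted key is read under the 'error' policy."""


class WriteOnlyCollection:
    """Hypothetical in-memory model of the proposal; not a MongoDB API."""

    def __init__(self, write_only, on_read="null"):
        if on_read not in ("null", "error"):
            raise ValueError("on_read must be 'null' or 'error'")
        self._write_only = frozenset(write_only)
        self._on_read = on_read
        self._docs = []

    def insert_one(self, doc):
        # Writes to a restricted key are accepted like any other key.
        self._docs.append(dict(doc))

    def find(self, query=None, projection=None):
        query = query or {}
        requested = set(projection or [])
        # Assumption: explicitly projecting a restricted key is a read attempt.
        blocked = requested & self._write_only
        if blocked and self._on_read == "error":
            raise WriteOnlyReadError(f"write-only key(s): {sorted(blocked)}")
        results = []
        for doc in self._docs:
            # Queries compare against the stored value, restricted or not.
            if any(doc.get(k) != v for k, v in query.items()):
                continue
            keys = requested or doc.keys()
            # Restricted values never leave the store; they read back as None.
            results.append({k: None if k in self._write_only else doc[k]
                            for k in keys if k in doc})
        return results


if __name__ == "__main__":
    users = WriteOnlyCollection(["password_hash"])
    # Constructed sample document; the digest is a placeholder string.
    users.insert_one({"user": "alice", "password_hash": "constructed-digest-a"})
    print(users.find({"user": "alice", "password_hash": "constructed-digest-a"}))
    print(users.find({"user": "alice", "password_hash": "wrong-digest"}))
```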