  1. Core Server
  2. SERVER-3537

Security (write-only setting for database key)

    Details

      Description

      Obviously Mongo isn't vulnerable to the sorts of injection that haul sensitive data off SQL databases all day, every day. However, SQL injection attacks raise a significant and broad security question: why do application servers have access to sensitive data that they don't need? Proposal:

      • Allow the user to declare a database key as "write only"
      • Queries against this key behave as normal
      • Optionally raise an error or return null on attempts to read the restricted key

      This would create a strong layer of security around data such as passwords that must be written and compared but never ever read.

            People

            Assignee:
            backlog-server-security Backlog - Security Team
            Reporter:
            khabok Jason Voorhees
            Votes:
            0
            Watchers:
            6
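The semantics proposed in this issue, modelled in memory as an added example; it is not part of the issue and not MongoDB code. `WriteOnlyCollection`, its `onRead` modes and the `pwHash` field are hypothetical names, and returning null for unprojected reads in "error" mode is an assumption of this sketch.

```javascript
// In-memory model of the proposed "write-only key" behaviour (hypothetical API).
class WriteOnlyCollection {
  // writeOnly: keys that may be written and matched but never returned.
  // onRead: "null" redacts the key; "error" throws when it is explicitly requested.
  constructor(writeOnly, onRead = "null") {
    this.writeOnly = new Set(writeOnly);
    this.onRead = onRead;
    this.docs = [];
  }

  insert(doc) {
    this.docs.push({ ...doc }); // writes are unrestricted
  }

  // Equality-only filter; restricted keys take part in matching as normal.
  find(filter = {}, fields = null) {
    if (this.onRead === "error" && fields !== null) {
      const asked = fields.filter((f) => this.writeOnly.has(f));
      if (asked.length > 0) {
        throw new Error(`write-only key requested: ${asked.join(", ")}`);
      }
    }
    return this.docs
      .filter((d) => Object.entries(filter).every(([k, v]) => d[k] === v))
      .map((d) => this.project(d, fields));
  }

  // Copy a document for the caller without ever exposing a restricted value.
  project(doc, fields) {
    const out = {};
    for (const key of fields ?? Object.keys(doc)) {
      if (!(key in doc)) continue;
      out[key] = this.writeOnly.has(key) ? null : doc[key];
    }
    return out;
  }
}

// Constructed sample data; the stored string stands in for a password hash.
function demo() {
  const users = new WriteOnlyCollection(["pwHash"]);
  users.insert({ name: "alice", pwHash: "constructed-hash-value" });
  const match = users.find({ name: "alice", pwHash: "constructed-hash-value" });
  const miss = users.find({ name: "alice", pwHash: "wrong-guess" });
  return { match, miss };
}
```

Because matching on the restricted key still answers "is this value correct?", a client can confirm guesses one at a time, so the key should hold a salted hash rather than the secret itself.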