  1. Core Server
  2. SERVER-3537

Security (write-only setting for database key)

Details

    Description

      Obviously Mongo isn't vulnerable to the sorts of injection that haul sensitive data off SQL databases all day, every day. However, SQL injection attacks raise a significant and broad security question: why do application servers have access to sensitive data that they don't need? Proposal:

      • Allow the user to declare a database key as "write only"
      • Queries against this key behave as normal
      • Optionally raise an error or return null on attempts to read the restricted key

      This would create a strong layer of security around data such as passwords that must be written and compared but never ever read.

          People

            backlog-server-security Backlog - Security Team
            khabok Jason Voorhees
            Votes: 0
            Watchers: 6
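
The semantics proposed in the description above, modelled in memory as an added example. It is not part of the original issue and is not a MongoDB API: the `WriteOnlyCollection` class, its `onRead` option and the sample data are all hypothetical and constructed for illustration.

```javascript
// Added illustration: in-memory model of the proposed "write-only key" semantics.
// WriteOnlyCollection and its options are hypothetical; this is not a MongoDB API.
class WriteOnlyCollection {
  constructor(writeOnlyKeys, onRead = "null") {
    this.writeOnly = new Set(writeOnlyKeys);
    this.onRead = onRead; // "null" or "error", the two behaviours the proposal names
    this.docs = [];
  }

  insert(doc) {
    this.docs.push({ ...doc }); // writing a restricted key is always allowed
  }

  // Equality-only filter: restricted keys can still be compared against.
  matches(doc, filter) {
    return Object.entries(filter).every(([k, v]) => doc[k] === v);
  }

  // projection: optional array of keys the caller wants returned.
  find(filter = {}, projection = null) {
    if (projection && this.onRead === "error") {
      const bad = projection.filter((k) => this.writeOnly.has(k));
      if (bad.length) throw new Error(`key is write-only: ${bad.join(", ")}`);
    }
    return this.docs
      .filter((d) => this.matches(d, filter))
      .map((d) => this.redact(d, projection));
  }

  // Restricted keys never leave the collection; they come back as null.
  redact(doc, projection) {
    const out = {};
    for (const k of projection || Object.keys(doc)) {
      out[k] = this.writeOnly.has(k) ? null : doc[k] ?? null;
    }
    return out;
  }
}

// Constructed sample data: the stored string stands in for a password hash.
function demo() {
  const users = new WriteOnlyCollection(["pwHash"], "null");
  users.insert({ name: "alice", pwHash: "constructed-hash-1" });
  const ok = users.find({ name: "alice", pwHash: "constructed-hash-1" });
  const wrong = users.find({ name: "alice", pwHash: "guess" });
  return { ok, wrong };
}
```
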