Towards Analyzing MongoDB NoSQL Security and Designing Injection Defense Solution

摘要

An increasing number of people and companies have started to use NoSQL database for data management and database design. It has efficient and powerful functions for big data while doing analysis and generalization. In today's world, tons of data need to be stored and executed every second, which possibly brings malicious information into the databases. NoSQL databases, similarly to SQL databases, can be hacked, injected with malicious codes, or even destroyed, thus security has been a critical issue for big data analysis using NoSQL databases. In this paper, we analyze the malicious injection in NoSQL databases and propose defense approaches by the utilization of JavaScript and HTTP. MongoDB is one of the most stable and secure NoSQL databases among all NoSQL databases. We demonstrate server-side JavaScript and HTTP injection attacks and propose defense measures to promote the security of MongoDB, which will help NoSQL databases programmers and designers be aware of injection mechanism and build a more secure data environment.