PMXBOT Log file Viewer

#mongodb logs for Saturday the 4th of May, 2013

[01:14:36] <ixti> hi all
[01:17:16] <ixti> are there any known issues with $inc/$set operations on nested documents (e.g. { "$inc": { "foo.bar": 1 } })
[01:17:42] <zzing> Are there any examples of implementing a user authentication system inside of a mongo database, that is separate from the regular authentication mechanism? Specifically the kind of thing a blog might implement where it just uses a single account for the mongo database to access the data.
[01:18:22] <ixti> nm. just realized that i misunderstood original problem described in issue
[13:29:38] <timah> ping.
[18:17:04] <timah> is there an easy way to bulk update the data type (string > int) of a complex _id without mongo creating new documents?
[18:17:26] <timah> i'm assuming mongo is creating new documents because the ids aren't identical.
[18:18:35] <kali> timah: no way to do that 'in-place'
[18:19:07] <timah> didn't think so… so basically delete the old and insert the new?
[18:19:53] <kali> yeah, or variations around that
[18:20:48] <timah> figures. :P well poopsicles.
[18:20:58] <timah> thanks kali. i appreciate it.
[21:05:08] <Goopyo> is it possible to cancel repairDatabase?
[21:12:41] <Goopyo> Derick: urgent ping!
[21:12:58] <Goopyo> is it possible to cancel a repairDatabase? Should've read the docs and ran compact first...
[21:13:09] <Goopyo> compact instead*
[21:35:33] <wasbazi> Hi there everyone!
[21:59:17] <wasbazi> Anyone in here feel like discussing MongoDB vulnerabilities other than "don't use eval" (cause that's what the internet is telling me)
[22:05:28] <kexmex> wasbazi: what other ones do you know of?
[22:06:30] <kexmex> sucks that bson is json-like so if you are getting user input, it's hard to sanitize it really
[22:07:37] <wasbazi> I don't really know much about it at all.
[22:07:55] <wasbazi> I'm building my first node/express/mongoose app and I've done user auth with php/mysql before.
[22:08:20] <wasbazi> So I thought, oh ya SQL injection. I shouldn't use user data directly from the client, how do I protect it in JS...
[22:08:32] <kexmex> yeh
[22:08:55] <kexmex> but i dunno
[22:09:07] <kexmex> never looked at bson syntax so can't comment
[22:09:40] <kexmex> err bson format
[22:11:28] <wasbazi> So in theory just passing data from a form directly to be stored in the db isn't the worst idea ever?
[22:14:35] <kexmex> i'd apply some heuristics tho
[22:15:30] <kexmex> parse the json, look at the attributes, if attribute is enum check if it matches enum values, or if an integer, that it's within range, if string, not too long, check character set with regexp…and so on
[22:18:38] <wasbazi> I guess that makes some sense. So just some basic checks for type/length and I shouldn't have to worry too much on it.
[22:22:42] <beepbeep_> when working with mongodb, always use ObjectId for id's?
[22:23:07] <beepbeep_> Do you use another unique identifier for in apps?
[22:23:11] <beepbeep_> because a link like
[22:23:27] <beepbeep_> foo/51858788b3fcd92410000000/show is a bit weird.
[22:23:33] <beepbeep_> foo/1/show would be cooler :p