PMXBOT Log file Viewer

#mongodb logs for Thursday the 4th of July, 2019

[12:04:47] <WebertRLZ> hey how to check replication delay on mongo 2.4?
[14:18:27] <Kim^J> Hi there. Would accepting the query parameter in find* calls directly from a user impose security issues?
[15:28:16] <GothAlice> Kim^J: Absolutely, yes.
[15:28:23] <GothAlice> It’s called NoSQL-injection.
[15:28:47] <GothAlice> https://github.com/MongoEngine/mongoengine/issues/1991 for details and links to supporting material.
[15:30:51] <GothAlice> It can be OK if you ensure structured form deserialization isn’t a thing (e.g. POST or GET parameters of foo[]=27&foo[]=42 → Array(27, 42)) and you avoid string interpolation within $where.