DEV Community

Discussion on: Beware of the findOne function

aksel

One way is to match against email (or username or what have you), and then compare the salted hash to the password - outside of NoSQL-land.

Otherwise, what your query is really saying, is that a user could potentially have multiple accounts under the same name, with different passwords.

But yeah, the scenario the author presented the stuff with is flawed. But the point still comes across: Never trust user input. With SQL, protecting yourself from injections is pretty simple. NoSQL seems a bit more tricky.

Thomas Werner

Yes, agreed. And JavaScript makes it a little too easy to mess user input validation up since it's so weakly typed. Maybe NoSQL is not entirely to blame here :-D

I think a JavaScript validation library could have been mentioned in the article too. I'd prefer having some proper error feedback from the server when I'm passing in wonky request payloads (by accident or on purpose).