DEV Community

Discussion on: One-step to prevent potential NoSQL Injection in your mongodb application

hjrobinson • Edited

For the record, your middleware code seems to do the trick without having to use the mongo-secure module. Without the middleware, the password in my example would still be protected from injection because bcrypt.compareSync returns:

{
"message": "Illegal arguments: object, string"
}

However, if the attacker knew the password and not the email, there would still be a threat, so your middleware code still comes in handy for my use case. I don't know if the middleware will affect my other endpoints, but I'm sure it will be revealed if it does. Thanks for the post.
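The point of the comment is that bcrypt's string-type check only shields the password field; an operator object in the email field still reaches the query. As an added example (not the post's middleware or the mongo-secure module), this rejects operator-style keys anywhere in a request body and insists that login fields are plain strings; the names `hasOperatorKeys`, `validateLogin` and `rejectOperatorKeys` are hypothetical, and the Express req/res/next shape is assumed.

```javascript
// Recursively walk a parsed JSON body and flag keys that MongoDB would
// interpret as query operators ("$gt", "$ne", ...) or dotted paths.
function hasOperatorKeys(value, depth = 0) {
  if (depth > 32) return true; // absurd nesting is treated as hostile
  if (Array.isArray(value)) {
    return value.some((v) => hasOperatorKeys(v, depth + 1));
  }
  if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      if (key.startsWith('$') || key.includes('.')) return true;
      if (hasOperatorKeys(value[key], depth + 1)) return true;
    }
  }
  return false;
}

// Login fields must be strings. bcrypt.compareSync already throws on a
// non-string password, but nothing stops an object in the email slot from
// being passed straight into find(); this closes that gap before any query.
function validateLogin(body) {
  if (typeof body !== 'object' || body === null) {
    return { ok: false, reason: 'body must be an object' };
  }
  if (typeof body.email !== 'string' || typeof body.password !== 'string') {
    return { ok: false, reason: 'email and password must be strings' };
  }
  if (hasOperatorKeys(body)) {
    return { ok: false, reason: 'operator keys are not allowed' };
  }
  // Only the validated string is used to build the lookup filter.
  return { ok: true, query: { email: body.email } };
}

// Express-style middleware: apply the same check to body, query and params
// so every endpoint behind it gets the protection, not just the login route.
function rejectOperatorKeys(req, res, next) {
  const parts = [req.body, req.query, req.params];
  if (parts.some((p) => p !== undefined && hasOperatorKeys(p))) {
    res.status(400).json({ message: 'Invalid request' });
    return;
  }
  next();
}
```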