Good write up.
Some additional resources for those interested in reading more:
Niceee
Good advice from the MongoDB team in their documentation, using the same approach as that to defeat injection in SQL, and more generally across other injection attacks - avoid server-side interpreters:
docs.mongodb.com/manual/faq/fundam...
...for MongoDB either through direct use of BSON queries and separate user data (equivalent of prepared queries in SQL clients), or by disabling server-side JavaScript entirely - consider this first IMO!
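
An added example, not part of the comment above or of MongoDB's documentation: a query filter built with user data kept as a plain value, next to a check that rejects any filter using a server-side JavaScript operator. The function names, the `username` field and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example: names and sample inputs are constructed for illustration.
// Query operators that make mongod evaluate JavaScript on the server.
const SERVER_SIDE_JS_OPERATORS = new Set(["$where", "$function", "$accumulator"]);

// Recursively list every place a filter document uses a server-side JS operator.
function findServerSideJs(doc, path = "") {
  if (doc === null || typeof doc !== "object") return [];
  const hits = [];
  for (const [key, value] of Object.entries(doc)) {
    const here = path ? `${path}.${key}` : key;
    if (SERVER_SIDE_JS_OPERATORS.has(key)) hits.push(here);
    hits.push(...findServerSideJs(value, here));
  }
  return hits;
}

// Anti-pattern: user data is spliced into code that the server will interpret.
function buildWhereFilter(username) {
  return { $where: "this.username == '" + username + "'" };
}

// Structured query: the field name is fixed by the application and the user
// data travels only as a string value, never as code or as a nested document.
function buildEqualityFilter(username) {
  if (typeof username !== "string") {
    throw new TypeError("username must be a string");
  }
  return { username: { $eq: username } };
}

// Gate to run on a filter before it is handed to the driver.
function assertNoServerSideJs(filter) {
  const hits = findServerSideJs(filter);
  if (hits.length > 0) {
    throw new Error("server-side JavaScript operator in filter: " + hits.join(", "));
  }
  return filter;
}
```

The comment's second option is applied on the server itself: set `security.javascriptEnabled: false` in the mongod configuration file, or start mongod with `--noscripting`.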