No SQL, No Injection? Examining NoSQL Security
نویسندگان
چکیده
NoSQL data storage systems have become very popular due to their scalability and ease of use. This paper examines the maturity of security measures for NoSQL databases, addressing their new query and access mechanisms. For example the emergence of new query formats makes the old SQL injection techniques irrelevant, but are NoSQL databases immune to injection in general? The answer is NO. Here we present a few techniques for attacking NoSQL databases such as injections and CSRF. We analyze the source of these vulnerabilities and present methodologies to mitigate the attacks. We show that this new vibrant technological area lacks the security measures and awareness which have developed over the years in traditional RDBMS SQL systems. Keywords—sql injection; nosql; sql; database; mongodb; nodejs; php; json ; injection; couchdb; cassandra; cloudant
منابع مشابه
A Parse Tree-Based NoSQL Injection Attacks Detection Mechanism
Nowadays, many IT giants such as Facebook, Google, and Amazon adopt non-relational database (NoSQL, Not only SQL) technologies to manage their systems. Although these kind of database technologies have made outstanding contributions to the development of the IT industry, it also exposed some security risks such as SQL injection attacks. Up to now, there are many solutions to counter SQL injecti...
متن کاملDesafios no Mapeamento de Esquemas Conceituais Geográficos para Esquemas Físicos Híbridos SQL/NoSQL
To the best of our knowledge, there is no generic mapping from conceptual schemas to NoSQL physical schemas. This paper tackles such problem in the context of geographic databases. We discuss the solution of mapping conceptual schemas to hybrid relational/NoSQL physical schemas. Resumo. Até onde pudemos determinar, não existem ainda propostas genéricas para produzir esquemas fı́sicos para estrut...
متن کاملComparative Study of the New Generation, Agile, Scalable, High Performance NOSQL Databases
Relational database is widely used in most of the application to store and retrieve data. They work best when they handle a limited set of data. Handling real time huge volume of data like internet was inefficient in relation database systems. To overcome this problem the "NO-SQL" or "Not Only SQL" Database came into existence. This paper discusses about problems with relation databases and how...
متن کاملAnálise Experimental de Bases de Dados Relacionais e NoSQL no Processamento de Consultas sobre Data Warehouse
Data warehouse (DW) is a large, oriented-subject, non-volatile, and historical database, and an important component of Business Intelligence. On DW are executed OLAP (Online Analytical Processing) queries that often culminate in a high response time. Fragmentation of data, materialized views and indices aim to improve performance in processing these queries. Additionally, NoSQL (Not only SQL) d...
متن کاملA NoSQL-SQL Hybrid Organization and Management Approach for Real-Time Geospatial Data: A Case Study of Public Security Video Surveillance
With the widespread deployment of ground, air and space sensor sources (internet of things or IoT, social networks, sensor networks), the integrated applications of real-time geospatial data from ubiquitous sensors, especially in public security and smart city domains, are becoming challenging issues. The traditional geographic information system (GIS) mostly manages time-discretized geospatial...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1506.04082 شماره
صفحات -
تاریخ انتشار 2015