Mitigating MongoDB injection attacks with Mongoose

While you could use $eq to ensure an equality comparison is used in the query, your express route handler is a better place to perform request format validation.

A valid POST /login should have userName and password string fields in the body of the request. If not, it should be rejected before it even gets to Mongoose.

Tags:

Mongodb

Node.Js

Mongoose

Nosql Injection

Recent Posts