README
Description
This project provides the official MongoDB driver for Node.js with an integrated protection mechanism against injection attacks.
Resources of the underlying driver
what | where |
---|---|
documentation | http://mongodb.github.io/node-mongodb-native/ |
api-doc | http://mongodb.github.io/node-mongodb-native/2.2/api/ |
source | https://github.com/mongodb/node-mongodb-native |
mongodb | http://www.mongodb.org/ |
Author
- Patrick Spiegel http://patrick-spiegel.de
Installation
The recommended way to get started using the secured MongoDB driver is by using the NPM
(Node Package Manager) to install the dependency in your project.
MongoDB Driver
Given that you have created your own project using npm init
we install the mongodb driver and it's dependencies by executing the following NPM
command.
npm install mongodb-secure --save
This will download the MongoDB driver and add a dependency entry in your package.json
file.
Code Exmaples and Security Features
Connecting to MongoDB
Let's create a new app.js file that we will use to show the basic CRUD operations using the MongoDB driver.
First let's add code to connect to the server and the database myproject.
var MongoClient = require('mongodb-secure').MongoClient
, assert = require('assert');
// Connection URL
var url = 'mongodb://localhost:27017/myproject';
// Use connect method to connect to the Server
MongoClient.connect(url, function(err, db) {
assert.equal(null, err);
console.log("Connected correctly to server");
db.close();
});
Given that you booted up the mongod process earlier the application should connect successfully and print Connected correctly to server to the console.
Let's Add some code to show the different CRUD operations available.
Authentication Example
db.collection('users').find({
"user": req.query.user,
"password": req.query.password
},
{"_security_pattern" : [{
"user": ["string"],
"password": ["string"]
}]}
);
The optional security pattern, enables a developer to define allowed structures and types for user-provided data.