Answer the question
In order to leave comments, you need to log in
Nosql mongoDb vulnerability, how to prevent?
I found in mongoDB. Functionality for generating the object Id of the document. And because I need to do microservices. I want to use it for generations, sessions. I can't do this generation through any ODM. If I do it through the native driver, will it lead to a NoSQL vulnerability? And if this leads to a vulnerability, then how to protect the base?
To generate a new ObjectId using ObjectId() a unique hex string:
x = ObjectId()
ObjectId("507f1f77bcf86cd799439011")
Answer the question
In order to leave comments, you need to log in
If I understand you correctly, then you want to use the ObjectId to generate the session ID.
The first question is why?
Second - than any other ways of generating Id did not please - the same UID
Third - why do you need a session ID at all if you have a JWT - which in itself is a session token? Put all the information you need there, sign it, check the signature when requested, and you will be happy.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question