user3588408

Reputation: 301

Will this create any security exploit?

I have a MongoDB collection "users" in which I want to add a new field "wallet_amount" when a user adds money to their wallet. Right now, at the time of user registration, I'm trying to insert a document like this:

db.users.insert( { email: "[email protected]", wallet_amount: 0 } ) 

Is this the correct way of doing this, or are there chances this will create some security exploits since I'm passing a default value of 0 for wallet_amount? Or should wallet_amount be inserted only at the time when the user adds money to the wallet?

Upvotes: 0

Views: 47

Answers (1)

Dave Kerr

Reputation: 5297

In theory there are no security implications as to whether you set the initial amount on user creation or at a later stage.

However, what you face as a more general security concern is that every time you have any query against the users table, you need to triple-check it to make sure there is no way it can alter the wallet_amount incorrectly. Any developer who is coding against this table is touching potentially very sensitive data.

To mitigate this, if you are dealing with a sensitive field like this:

  1. Actually store the wallet amount in a separate table or database
  2. Have a very limited set of APIs to adjust the wallet amount, test them extensively and only ever use those APIs when working with the wallet amount

This means you decouple the sensitive data from your user table and can isolate the part of your domain which needs extra care and attention.

If you want to take this a step further, consider not storing a wallet amount at all. A common approach for very secure financial systems is to actually store a ledger, which is an immutable record of every transaction. In your case it might look like:

  1. Day 1: I add $100 to my wallet
  2. Day 2: I spend $10
  3. Day 3: I spend $13

etc. You can then actually set up your database so you never mutate any data, only ever add more lines to the ledger. A cache can be used to keep track of the current balances, but this can always be recreated by running over the ledger items. This might be overkill for your scenario, but it can provide an extra layer of protection, because you essentially forbid anyone from arbitrarily changing what is in the wallet; they can only add transactions (which makes it easier to spot suspicious behaviour or patterns, and to trace where money moves).

Upvotes: 1
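Added worked example (not code from the question or from this answer) of the two recommendations above: a separate wallet store that is only ever written through a tiny API, and an append-only ledger from which a cached balance can always be rebuilt. It uses an in-memory SQLite database rather than MongoDB so that it runs stand-alone; the schema, the table names wallet_ledger and wallet_balance, the function names and the user "alice" are all assumptions made for the example. The Day 1 to Day 3 sequence is the one from the answer, in integer cents.

```python
import sqlite3

# Added example, not from the original question or answer. Schema and names
# (wallet_ledger, wallet_balance, alice, txn-00x) are assumptions for illustration.


class WalletError(Exception):
    pass


class InsufficientFunds(WalletError):
    pass


class DuplicateTransaction(WalletError):
    pass


def open_wallet_db():
    """Create the wallet store, separate from any users table. Amounts are integer cents."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wallet_ledger (
            id           INTEGER PRIMARY KEY AUTOINCREMENT,
            user_id      TEXT    NOT NULL,
            txn_id       TEXT    NOT NULL UNIQUE,   -- idempotency key: a replayed request is rejected
            kind         TEXT    NOT NULL CHECK (kind IN ('topup', 'spend')),
            amount_cents INTEGER NOT NULL CHECK (amount_cents <> 0),
            created_at   TEXT    NOT NULL DEFAULT (datetime('now'))
        );
        -- Append-only: the database itself refuses UPDATE and DELETE on the ledger,
        -- so a careless query elsewhere in the code base cannot rewrite history.
        CREATE TRIGGER ledger_no_update BEFORE UPDATE ON wallet_ledger
        BEGIN SELECT RAISE(ABORT, 'wallet_ledger is append-only'); END;
        CREATE TRIGGER ledger_no_delete BEFORE DELETE ON wallet_ledger
        BEGIN SELECT RAISE(ABORT, 'wallet_ledger is append-only'); END;
        -- Cached balance; the CHECK makes an overdraft impossible to commit.
        CREATE TABLE wallet_balance (
            user_id       TEXT    PRIMARY KEY,
            balance_cents INTEGER NOT NULL DEFAULT 0 CHECK (balance_cents >= 0)
        );
    """)
    return conn


def _append(conn, user_id, txn_id, kind, delta_cents):
    """The only code path that writes wallet data: ledger row plus cache, atomically."""
    try:
        with conn:  # commit both writes or roll back both
            if conn.execute("SELECT 1 FROM wallet_ledger WHERE txn_id = ?", (txn_id,)).fetchone():
                raise DuplicateTransaction(txn_id)
            conn.execute(
                "INSERT INTO wallet_ledger (user_id, txn_id, kind, amount_cents) VALUES (?, ?, ?, ?)",
                (user_id, txn_id, kind, delta_cents))
            conn.execute("INSERT OR IGNORE INTO wallet_balance (user_id) VALUES (?)", (user_id,))
            conn.execute("UPDATE wallet_balance SET balance_cents = balance_cents + ? WHERE user_id = ?",
                         (delta_cents, user_id))
    except sqlite3.IntegrityError as exc:
        # CHECK (balance_cents >= 0) failed; the ledger insert was rolled back with it.
        raise InsufficientFunds(f"{user_id}: cannot apply {delta_cents} cents") from exc
    return balance(conn, user_id)


def add_money(conn, user_id, txn_id, amount_cents):
    if amount_cents <= 0:
        raise ValueError("top-up must be a positive number of cents")
    return _append(conn, user_id, txn_id, "topup", amount_cents)


def spend(conn, user_id, txn_id, amount_cents):
    if amount_cents <= 0:
        raise ValueError("spend must be a positive number of cents")
    return _append(conn, user_id, txn_id, "spend", -amount_cents)


def balance(conn, user_id):
    """Fast path: the cached balance (0 for a user with no ledger rows)."""
    row = conn.execute("SELECT balance_cents FROM wallet_balance WHERE user_id = ?", (user_id,)).fetchone()
    return row[0] if row else 0


def recompute_balance(conn, user_id):
    """Audit path: rebuild the balance from the ledger alone, as the answer describes."""
    (total,) = conn.execute("SELECT COALESCE(SUM(amount_cents), 0) FROM wallet_ledger WHERE user_id = ?",
                            (user_id,)).fetchone()
    return total


def tamper_attempt_blocked(conn, user_id):
    """Simulate a stray query that edits history; the trigger must stop it."""
    try:
        with conn:
            conn.execute("UPDATE wallet_ledger SET amount_cents = 1000000 WHERE user_id = ?", (user_id,))
        return False
    except sqlite3.DatabaseError:
        return True


def run_demo():
    """The answer's Day 1..3 sequence plus the failure modes a practitioner should test."""
    conn = open_wallet_db()
    add_money(conn, "alice", "txn-001", 10_000)   # Day 1: add $100
    spend(conn, "alice", "txn-002", 1_000)        # Day 2: spend $10
    spend(conn, "alice", "txn-003", 1_300)        # Day 3: spend $13
    results = {"balance_cents": balance(conn, "alice")}
    try:
        spend(conn, "alice", "txn-004", 99_999)   # overdraft: rejected, nothing appended
        results["overdraft_rejected"] = False
    except InsufficientFunds:
        results["overdraft_rejected"] = True
    try:
        add_money(conn, "alice", "txn-001", 10_000)  # replayed top-up: rejected
        results["replay_rejected"] = False
    except DuplicateTransaction:
        results["replay_rejected"] = True
    results["ledger_rows"] = conn.execute("SELECT COUNT(*) FROM wallet_ledger").fetchone()[0]
    results["tamper_blocked"] = tamper_attempt_blocked(conn, "alice")
    results["cache_consistent"] = balance(conn, "alice") == recompute_balance(conn, "alice")
    return results


if __name__ == "__main__":
    print(run_demo())
```

The point of the design is that wallet_amount never lives in the users collection at all, every write goes through add_money or spend, and the ledger rows are the source of truth: if the cache is ever suspected of being wrong, recompute_balance rebuilds it from the immutable history and the two can be compared in an audit job. The txn_id uniqueness check is what makes a retried or replayed request harmless.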
