User Input Validation
User input should be validated by the client application, before the input is sent to Couchbase Server: this constitutes protection against malicious update, insertion, and erasure of data.
Forms of Attack
The following forms of attack, based on the manipulation of user input, should be anticipated:
-
Injecting arbitrary key-value pairs into an existing document.
-
Changing the user-specified document-type from private to public; and thereby increasing the possibility of illicit access.
-
Overriding important document-fields.
For example, a malicious user might attempt to overwrite an existing password by generating the following JSON document:
{"user": "will","password":"0asd21$1%", "created":"2012-06-12", "password":"password"}
In this document, the first password-field contains 0asd21$1%, which is the intended value.
Note however, that an additional password name-value pair has been concatenated onto the document-content.
Submission of this modified document would result in the plain password value overwriting the earlier specified, intended password.
Forms of Protection
Malicious user-input is most effectively protected against by client applications that do not permit unconstrained document-configuration by users; and instead impose a more restrictive interface; whereby, for example, only specific values or name-value pairs are accepted, and are properly validated before dispatch. (A document-model featuring Java POJOs or .NET POCOs might be used for such purposes.)