
C# MongoDB ObjectId usage risks

I was looking at the MongoDB ObjectId object. It seems to be an unsafe object to expose to my client (even if it's his own SessionId). Though I'm using the following code to generate random ObjectIds:

    var timestamp = DateTime.UtcNow;
    var machine = _random.Next(10000, 75757575);
    var pid = (short)_random.Next(10000, 75757575);
    var increment = _random.Next(10000, 75757575);

    return new ObjectId(timestamp, machine, pid, increment);

I get sequential ids sometimes and I don't want the user to be able to guess 1 million ids and finally catch a real one.

Is there any way to still use mongodb on c# and maintain a secure id? Now, some say "use https", but that's not the issue. Someone can log into the web, get a sessionId of type ObjectId and try to guess.

How can I reduce the likelihood of something like that happening?

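If any sensitive information is stored in the database, you should apply some ACL rules in your application to decide whether a user may retrieve data by objectId.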
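
The ACL rule suggested in the answer above, sketched as an added example (not code from the original post or from the MongoDB driver): a document id alone never authorizes a read, and the session identifier comes from a CSPRNG instead of an ObjectId. The `Order` and `OrderStore` types, the in-memory dictionaries standing in for the collection, and the sample ids are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical document shape: every record carries the id of the user who owns it.
public sealed record Order(string Id, string OwnerId, string Payload);

public sealed class OrderStore
{
    // In-memory stand-in for the MongoDB collection, keyed by the ObjectId string.
    private readonly Dictionary<string, Order> _orders = new();
    // Session token -> user id. Tokens are 256 bits from the OS CSPRNG, not ObjectIds.
    private readonly Dictionary<string, string> _sessions = new();

    public void Add(Order order) => _orders[order.Id] = order;

    public string CreateSession(string userId)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes);
        _sessions[token] = userId;
        return token;
    }

    // ACL check: unknown ids and ids owned by someone else both return null,
    // so a caller enumerating ids cannot tell which ones exist.
    public Order? GetForSession(string sessionToken, string orderId)
    {
        if (!_sessions.TryGetValue(sessionToken, out var userId)) return null;
        if (!_orders.TryGetValue(orderId, out var order)) return null;
        return order.OwnerId == userId ? order : null;
    }
}

public static class Program
{
    public static void Main()
    {
        var store = new OrderStore();
        // Constructed sample ids, sequential like the ObjectIds described in the question.
        store.Add(new Order("5f0000000000000000000001", "alice", "alice's data"));
        store.Add(new Order("5f0000000000000000000002", "bob", "bob's data"));
        var alice = store.CreateSession("alice");
        Console.WriteLine(store.GetForSession(alice, "5f0000000000000000000001")?.Payload ?? "denied");
        Console.WriteLine(store.GetForSession(alice, "5f0000000000000000000002")?.Payload ?? "denied");
    }
}
```

With a real collection, the same rule is expressed by putting the owner field into the query filter alongside `_id`, so a guessed id for another user's document matches nothing.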
