Is it safe to pass user input to DynamoDB through Node TS?

I have a function that takes user input and directly passes it to the put function:

    // user input is message
    async addtodb(message: string, partitionkey: string) {
      const params: AWS.DynamoDB.DocumentClient.PutItemInput = {
        TableName: this.tablename,
        Item: {
          [this.key]: partitionkey,
          id: id,
          message,
        },
      };
      return await dynamodb.put(params).promise();
    };

"Is it secure to use user input as an Amazon DynamoDB partition key?" is unclear, and that is with the partition key as well. I know the first rule of hacking is never trust user input, so does that apply here?

You should always sanitize inputs.

However, you cannot run UDFs or any other type of function on DynamoDB, which most attacks try to exploit. The only thing you're at risk from is the user storing data that you did not expect.

Partition key is hashed and uses salt, so the distribution of your data won't be impacted either.
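
One way to apply the "sanitize inputs" advice above before calling `put`, as an added example that is not part of the original question or answer. `buildPutParams`, `utf8Length`, the key pattern and the message limit are hypothetical names and assumed policy; the condition expression additionally stops a user-chosen key from replacing an existing item.

```typescript
// Added example; the limits, pattern and names are assumptions, not from the original post.
const MAX_KEY_BYTES = 2048; // DynamoDB's size limit for a partition key value
const MAX_MESSAGE_BYTES = 4096; // assumed application limit, well below the 400 KB item cap
const KEY_PATTERN = /^[A-Za-z0-9_-]+$/; // assumed allow-list for key characters

interface PutParams {
  TableName: string;
  Item: Record<string, string>;
  ConditionExpression: string;
  ExpressionAttributeNames: Record<string, string>;
}

// UTF-8 byte length computed by hand, so no Buffer or TextEncoder typings are needed.
function utf8Length(s: string): number {
  let n = 0;
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c < 0x80) n += 1;
    else if (c < 0x800) n += 2;
    else if (c >= 0xd800 && c <= 0xdbff) { n += 4; i++; } // surrogate pair
    else n += 3;
  }
  return n;
}

// Hypothetical helper: validates untrusted values and returns the parameters for put().
function buildPutParams(table: string, keyName: string, id: string,
                        partitionKey: unknown, message: unknown): PutParams {
  // TypeScript types are erased at runtime: a JSON body can deliver an object or an
  // array here, and the DocumentClient would store it as a map or list.
  if (typeof partitionKey !== "string" || typeof message !== "string") {
    throw new TypeError("partition key and message must be strings");
  }
  if (!KEY_PATTERN.test(partitionKey) || utf8Length(partitionKey) > MAX_KEY_BYTES) {
    throw new RangeError("partition key has unexpected characters or length");
  }
  if (message.length === 0 || utf8Length(message) > MAX_MESSAGE_BYTES) {
    throw new RangeError("message is empty or too long");
  }
  return {
    TableName: table,
    Item: { [keyName]: partitionKey, id, message },
    // put() replaces an existing item with the same key; this condition rejects that.
    ConditionExpression: "attribute_not_exists(#pk)",
    ExpressionAttributeNames: { "#pk": keyName },
  };
}
```

The returned object can be passed to `dynamodb.put(...)` in place of the hand-built `params`; a rejected overwrite surfaces as a `ConditionalCheckFailedException` from DynamoDB.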
