Analysis on Database Security Model Against NOSQL Injection

Authors

  • S. Priyadharshini  Computer science and engineering, Anna University/IFET College of Engineering, Villupuram, Tamil Nadu, India
  • R. Rajmohan  Computer science and engineering, Anna University/IFET College of Engineering, Villupuram, Tamil Nadu, India

Keywords:

NOSQL, Mongo DB, Security, Kerberos.

Abstract

Nowadays, Attackers analyse the NOSQL data structure and inject malicious code as well as perform cross-site request forgery attacks. Study a Database Protection System which is used between the dynamic application and database. The Data centric security model is used for encrypting data before storing into database repository. Mobile users across an untrusted network are authenticated through Kerberos. The testing on NOSQL injections performed with JavaScript and PHP is studied.

References

  1. Suna Yin, Dehua Chen, Jiajin Le,China, 2016 IEEE,"STNOSQL Creating NOSQL Database on the SensibleThings Platform.
  2. Boyu Hou, Kai Qian, Lei Li, Yong Shi, Lixin Tao, Jigang Liu, USA, 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing ,"Mongo Database NOSQL Injection Analysis and Detection".
  3. Anam Zahid, Rahat Masood, Muhammad Awais Shibli, 2014 Conference on Information Assurance and Cyber Security (CIACS)," Security of Sharded NOSQL Databases"
  4. Aviv Ron, Alexandra Shulman-Peleg, Emanuel Bornstein, "NO SQL, NO Injection-Examining NOSQL".
  5. Loir Okman, Nurit Gal-Oz, Yaron Gonen, Ehud Gudes, Jenny Abramov, 2011 International Joint Conference of IEEE TrustCom-11/IEEE-11/FCST-11, "Security issues in NOSQL Databases ".
  6. Preecha Noiumkar and Tawatchai Chomsiri "A Comparison the Level of Security on Top 5 Open Source NOSQL Databases".
  7. NOSQL Injection for Mongodb: https://github.com/cr0hn/nosqlinjection_wordlists
  8. Injection attacks on Mongodb: https://www.quora.com/Why-are-injection-attacks-not-possible-on-MongoDB

IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology

Downloads

Published

2017-04-30

Issue

Volume 2, Issue 2, March-April-2017

Section

Research Articles

License

Copyright (c) IJSRCSEIT

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
S. Priyadharshini, R. Rajmohan, " Analysis on Database Security Model Against NOSQL Injection, IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology(IJSRCSEIT), ISSN : 2456-3307, Volume 2, Issue 2, pp.168-171, March-April-2017.