问题描述
假设我有一个文档集合,例如:
Let's say I have a collection of documents such as:
{ "_id" : 0 , "owner":0 "name":"Doc1"},{ "_id" : 1 , "owner":1, "name":"Doc1"}, etc
另一方面,所有者被表示为一个单独的集合:
And, on the other hand the owners are represented as a separate collection:
{ "_id" : 0 , "username":"John"}, { "_id" : 1 , "username":"Sam"}
如何确保在我插入文档时它以正确的方式引用用户.在老式 RDBMS 中,这可以使用外键轻松完成.
How can I make sure that, when I insert a document it references the user in a correct way. In old-school RDBMS this could easily be done using a Foreign Key.
我知道我可以从我的业务代码中检查插入的正确性,但是如果攻击者篡改了我对服务器的请求并将 "owner" : 100 设置为 100 并且 Mongo 不会返回任何异常怎么办.
I know that I can check the correctness of insertion from my business code, BUT what if an attacker tampers with my request to the server and puts "owner" : 100, and Mongo doesn't throw any exception back.
我想知道在实际应用程序中应该如何处理这种情况.
I would like to know how this situation should be handled in a real-word application.
提前谢谢你!
推荐答案
MongoDB 没有外键(你可能已经注意到了).因此,基本上答案是不要让用户篡改请求.只让应用程序插入符合您的参照完整性规则的数据."
MongoDB doesn't have foreign keys (as you have presumably noticed). Fundamentally the answer is therefore, "Don't let users tamper with the requests. Only let the application insert data that follows your referential integrity rules."
MongoDB 在很多方面都很棒...但是如果您发现需要外键,那么它可能不是解决问题的正确方法.
MongoDB is great in lots of ways... but if you find that you need foreign keys, then it's probably not the correct solution to your problem.
这篇关于如何在 NoSql 数据库(MongoDB)中强制执行外键?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!