My previous post explained how NoSQL injection can occur in applications that use NoSQL databases, with an example against MongoDB. In this post I'll show you how to protect your application.
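The following is an added example and not code from the original post. It shows the MongoDB operator injection that a JSON request body makes possible (a client sends an object such as `{"$ne": ""}` where the handler expected a string) next to the defence of checking the type of every value before it goes into a filter. The Express-style `body` object and the `user`/`pass` field names are assumptions; nothing here connects to a database, the functions only build the filter that would be passed to `findOne()`.

```javascript
// Added example, not code from the original post: MongoDB operator
// injection through a JSON request body, and a type-checking defence.
// Assumes an Express-style handler where req.body has already been parsed
// from JSON, so a client can send an object where a string was expected.
// No database is needed to run this; the functions only build the filter
// that would be handed to collection.findOne().

// Vulnerable: whatever the client sent is copied straight into the filter.
// A body of {"user":"admin","pass":{"$ne":""}} produces a filter that
// matches the admin document with any non-empty stored password.
function buildLoginFilterVulnerable(body) {
  return { user: body.user, pass: body.pass };
}

// Hardened: insist on plain strings before building the filter. Query
// operators ($ne, $gt, $regex, ...) can only be expressed as objects, so a
// value that is a string can never turn into one. (A real application
// should look up by user and verify a password hash rather than filtering
// on the stored password; the two-field filter mirrors the classic case.)
function buildLoginFilterSafe(body) {
  const { user, pass } = body;
  if (typeof user !== "string" || typeof pass !== "string") {
    throw new TypeError("user and pass must be strings");
  }
  return { user, pass };
}

// For endpoints that legitimately accept nested documents (a search form,
// say), drop every key that starts with "$" at any depth so operators
// cannot be smuggled in. Arrays are walked too, since $in/$or take arrays.
function stripOperators(value) {
  if (Array.isArray(value)) {
    return value.map(stripOperators);
  }
  if (value !== null && typeof value === "object") {
    const clean = {};
    for (const [key, inner] of Object.entries(value)) {
      if (key.startsWith("$")) continue;
      clean[key] = stripOperators(inner);
    }
    return clean;
  }
  return value;
}

// Reports whether a filter still contains an operator key anywhere;
// useful as a last check before a query is sent.
function containsOperator(value) {
  if (Array.isArray(value)) {
    return value.some(containsOperator);
  }
  if (value !== null && typeof value === "object") {
    return Object.entries(value).some(
      ([key, inner]) => key.startsWith("$") || containsOperator(inner)
    );
  }
  return false;
}

// Constructed attack body, as an Express app would see it after JSON parsing.
const attackBody = { user: "admin", pass: { $ne: "" } };
console.log("vulnerable filter:", JSON.stringify(buildLoginFilterVulnerable(attackBody)));
try {
  buildLoginFilterSafe(attackBody);
} catch (err) {
  console.log("safe builder rejected it:", err.message);
}
console.log("stripped:", JSON.stringify(stripOperators(attackBody)));
```

The type check is the primary defence: it rejects the request outright. `stripOperators` is a fallback for filters that must accept nested documents; note that it turns `{"$ne": ""}` into `{}`, which no longer matches anything but is still the wrong type, so a schema check on the result is still worth having.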

[...]
I thought about what Mr. X said for a while.
[...]
"So let's go back to the input validation", Mr. X said. "How do you want to do the validation of the names now?"
[...]
"Now remember", Mr. X said, "that we are storing most of our user data in LDAP. But when we are storing orders, we store the name in our SQL database as a part of the shipping address. How do you suggest we handle LDAP injection with your approach?"
[...]
After finishing the call, Mr. X came back into my office.
[...]
The next morning I got my first go at a real system for a real customer. One of the company's clients had recently had a successful hacking attempt on one of their systems, and they wanted us to review and fix it.
[...]
Many web sites have SQL injection and XSS (Cross-Site Scripting) vulnerabilities, and security articles often name a lack of input validation as the cause of these problems. This isn't necessarily correct.
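As an added illustration (not code from the post), here is a name validator that reasonably accepts a value such as O'Brien, beside a concatenated SQL statement that the same valid name breaks. The two remedies shown, driver placeholders for the query and HTML encoding for the page, are the standard ones and are this editor's addition; the `{ text, values }` query shape follows the node-postgres convention, which is assumed rather than required, and nothing here connects to a database.

```javascript
// Added example, not code from the original post: a sensible name
// validator, a concatenated SQL statement that a valid name still breaks,
// and the two fixes that address the actual defect (placeholders for SQL,
// encoding for HTML). The { text, values } shape follows the node-postgres
// convention; that driver is assumed, not required, and nothing here
// connects to a database.

// Validation a shipping-address form would reasonably apply:
// letters in any script, spaces, dots, apostrophes and hyphens, 1 to 64 long.
const NAME_RE = /^[\p{L} .'-]{1,64}$/u;

function isValidName(name) {
  return typeof name === "string" && NAME_RE.test(name);
}

// Vulnerable: the value is pasted into the statement text. "O'Brien" passes
// validation and still yields SQL with an unbalanced quote; whoever controls
// more of the string controls the statement.
function orderLookupVulnerable(shipName) {
  return "SELECT id FROM orders WHERE ship_name = '" + shipName + "'";
}

// Fixed: the statement text never changes; the value travels separately and
// the driver sends it as a parameter, so quotes inside it are just data.
function orderLookupSafe(shipName) {
  return {
    text: "SELECT id FROM orders WHERE ship_name = $1",
    values: [shipName],
  };
}

// Counts single quotes; an odd count means the statement is malformed.
function singleQuoteCount(sql) {
  return (sql.match(/'/g) || []).length;
}

// Same principle for XSS: the name is fine as data, but it must be encoded
// for the context it is written into. This is HTML text/attribute encoding.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function htmlEncode(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderGreeting(name) {
  return "<p>Hello, " + htmlEncode(name) + "</p>";
}

// Constructed inputs: a legitimate name and an obvious script payload.
const legitName = "O'Brien";
console.log(isValidName(legitName), orderLookupVulnerable(legitName));
console.log(JSON.stringify(orderLookupSafe(legitName)));
console.log(renderGreeting("<img src=x onerror=alert(1)>"));
```

The validator is still worth keeping, since it rejects obvious payloads and keeps bad data out of the system, but it is not what makes the query or the page safe: the placeholder and the encoder do that, and they do it for every value, including the ones validation must accept.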
[...]