User Input Validation

User Input Validation

User input should be validated by the client application, before the input is sent to Couchbase Server: this constitutes protection against malicious update, insertion, and erasure of data.

Forms of Attack

The following forms of attack, based on the manipulation of user input, should be anticipated:

  • Injecting arbitrary key-value pairs into an existing document.

  • Changing the user-specified document-type from private to public; and thereby increasing the possibility of illicit access.

  • Overriding important document-fields.

For example, a malicious user might attempt to overwrite an existing password by generating the following JSON document:

{"user": "will","password":"0asd21$1%", "created":"2012-06-12", "password":"password"}

In this document, the first password-field contains 0asd21$1%, which is the intended value. Note however, that an additional password name-value pair has been concatenated onto the document-content. Submission of this modified document would result in the plain password value overwriting the earlier specified, intended password.

Forms of Protection

Malicious user-input is most effectively protected against by client applications that do not permit unconstrained document-configuration by users; and instead impose a more restrictive interface; whereby, for example, only specific values or name-value pairs are accepted, and are properly validated before dispatch. (A document-model featuring Java POJOs or .NET POCOs might be used for such purposes.)