Insecure data storage – NoSQL database
NoSQL databases are widely used these days, and enterprises are widely adopting NoSQL databases such as MongoDB, CouchDB, and so on. These databases support mobile applications, too. As with any other local storage technique, data stored insecurely in a NoSQL database can be exploited. This section walks through how improper usage of NoSQL databases can cause insecure data storage vulnerabilities.
Let's look into this vulnerability using a sample application.
NoSQL demo application functionality
Knowing the functionality of the application is very important for understanding the risk it carries, and it helps us find where that risk lies in the app.
Let's look at a sample application which acts like a password vault. The user-provided data is then stored in the form of documents in the NoSQL database.
Below is the code snippet used for building the demo application:
String databaseName = "credentials"; Database db; Manager...
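The following is an added example, not code from the demo application: it contrasts a password-vault document that holds the password in cleartext with one that stores only an AES-GCM ciphertext. The class name, the document field names, and the in-memory key are assumptions made for illustration, and it uses `java.util.Base64`, so it runs on a desktop JVM (Java 9 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class VaultDocumentDemo {
    // AES-GCM cipher with service and username bound as associated data, so a
    // ciphertext copied into another entry fails authentication on decrypt.
    static Cipher gcm(int mode, SecretKey key, byte[] nonce, Object service, Object user) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        c.updateAAD((service + "\n" + user).getBytes(StandardCharsets.UTF_8));
        return c;
    }

    // Hardened document: only the nonce and ciphertext of the password are stored.
    static Map<String, Object> encryptedDoc(SecretKey key, String service, String user, String password) throws Exception {
        byte[] nonce = new byte[12]; // fresh 96-bit nonce per document
        new SecureRandom().nextBytes(nonce);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, nonce, service, user)
                .doFinal(password.getBytes(StandardCharsets.UTF_8));
        Map<String, Object> doc = new HashMap<>();
        doc.put("service", service);
        doc.put("username", user);
        doc.put("nonce", Base64.getEncoder().encodeToString(nonce));
        doc.put("password_ct", Base64.getEncoder().encodeToString(ct));
        return doc;
    }

    static String decryptPassword(SecretKey key, Map<String, Object> doc) throws Exception {
        byte[] nonce = Base64.getDecoder().decode((String) doc.get("nonce"));
        byte[] ct = Base64.getDecoder().decode((String) doc.get("password_ct"));
        Cipher c = gcm(Cipher.DECRYPT_MODE, key, nonce, doc.get("service"), doc.get("username"));
        return new String(c.doFinal(ct), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Insecure document (constructed sample values): password kept as cleartext.
        System.out.println("insecure: " + Map.of("service", "mail", "username", "alice", "password", "S3cret!"));
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // assumption: in-memory key for the demo; on a device use the Android Keystore
        SecretKey key = kg.generateKey();
        Map<String, Object> doc = encryptedDoc(key, "mail", "alice", "S3cret!");
        System.out.println("hardened: " + doc);
        System.out.println("decrypted: " + decryptPassword(key, doc));
    }
}
```

The protection depends entirely on where the key lives: a key hard-coded in the app or stored beside the database leaves the documents as readable as cleartext.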