Do developers need to sanitize JSON input before sending to Riak Client?

J. Austin Hughey jaustinhughey at gmail.com
Fri Dec 12 06:30:37 EST 2014


 
Hi,

I’m fairly new to Riak, and I haven’t seen a clear answer to this question through Google, so I’m going to ask the list here.  

Do I need to sanitize user input BEFORE sending to the Riak client, or does the client handle sanitization? (I plan to use the Ruby client, but I may want to use a different language client later on too depending on the project.)

I can see the potential for injection here being a real issue:  

{
"username":"bob",
"password_hash":"abc123xyz\"","admin":"true"
}

…or something like that. You get the idea. I’m just trying to get it right before I start building something that’s just begging to get owned.

Thanks.

--  
J. Austin Hughey
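
The injection concern raised in the message above, as an added example that is not part of the original post and is not Riak client code: it contrasts splicing untrusted text into a JSON template with building the document through Ruby's standard `json` serializer, then applies a key allow-list before storage. The function names, the allow-list and the hostile value (constructed so that it reproduces the document in the post) are assumptions made for illustration.

```ruby
require 'json'

# Constructed untrusted input. Spliced into a template, it yields exactly the
# document shown in the post (single quotes keep the backslash literal).
HOSTILE_HASH = 'abc123xyz\"","admin":"true'

# Unsafe pattern: untrusted text is pasted into a JSON template, so a quote in
# the input can close the string and start a new key.
def build_by_interpolation(username, password_hash)
  %({"username":"#{username}","password_hash":"#{password_hash}"})
end

# Safer pattern: build a Hash and let the serializer escape quotes and
# backslashes, so the input can only ever be the *value* of its own key.
def build_by_serializer(username, password_hash)
  JSON.generate({ 'username' => username, 'password_hash' => password_hash })
end

# Hypothetical schema for this example: the only keys a client-submitted user
# document may carry, and the type each must have.
ALLOWED_FIELDS = { 'username' => String, 'password_hash' => String }.freeze

# Parse a JSON document and reject anything outside the allow-list, so a
# privilege flag such as "admin" can never arrive from user input.
def validate_user_doc(json_text)
  doc = JSON.parse(json_text)
  raise ArgumentError, 'top level must be an object' unless doc.is_a?(Hash)

  extra = doc.keys - ALLOWED_FIELDS.keys
  raise ArgumentError, "unexpected keys: #{extra.join(', ')}" unless extra.empty?

  ALLOWED_FIELDS.each do |key, type|
    raise ArgumentError, "#{key} must be a #{type}" unless doc[key].is_a?(type)
  end
  doc
end

if __FILE__ == $PROGRAM_NAME
  puts build_by_interpolation('bob', HOSTILE_HASH) # gains an "admin" key
  puts build_by_serializer('bob', HOSTILE_HASH)    # input stays inside one string
end
```
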




