Reading the MongoDB manual, at the bottom, it say's that schema validation can be bypassed using the bypassDocumentValidation when doing an insert or update.
If I want to make sure that no one can put incorrect data into the database, should I only offer access through a API that can enforce these rules without them being bypassed?
Two ways:
as you said, simply wrap the request to mongo in your own method.
you can authentify to mongo with a user which cannot bypass validation. A bit trickier to do.
See mongo docs: https://docs.mongodb.com/manual/reference/privilege-actions/#bypassDocumentValidation
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments