如何在NoSql数据库(MongoDB)中实施外键? [英] How to enforce foreign keys in NoSql databases (MongoDB)?
问题描述
假设我有一些文件,例如:
{ "_id" : 0 , "owner":0 "name":"Doc1"},{ "_id" : 1 , "owner":1, "name":"Doc1"}, etc
另一方面,所有者表示为一个单独的集合:
{ "_id" : 0 , "username":"John"}, { "_id" : 1 , "username":"Sam"}
当我插入文档时,如何确保它以正确的方式引用了用户.在老式RDBMS中,可以使用外键轻松完成此操作.
我知道我可以从我的业务代码中检查插入的正确性,但是,如果攻击者篡改了我对服务器的请求,并将所有者"设置为100,而Mongo不会抛出任何异常,那该怎么办. >
我想知道在真字应用程序中应如何处理这种情况.
提前谢谢!
MongoDB没有外键(如您所知).因此,根本的答案是:不要让用户篡改请求.只能让应用程序插入遵循参照完整性规则的数据."
MongoDB在很多方面都很出色……但是,如果您发现需要外键,那么它可能不是解决问题的正确方法.
Let's say I have a collection of documents such as:
{ "_id" : 0 , "owner":0 "name":"Doc1"},{ "_id" : 1 , "owner":1, "name":"Doc1"}, etc
And, on the other hand the owners are represented as a separate collection:
{ "_id" : 0 , "username":"John"}, { "_id" : 1 , "username":"Sam"}
How can I make sure that, when I insert a document it references the user in a correct way. In old-school RDBMS this could easily be done using a Foreign Key.
I know that I can check the correctness of insertion from my business code, BUT what if an attacker tampers with my request to the server and puts "owner" : 100, and Mongo doesn't throw any exception back.
I would like to know how this situation should be handled in a real-word application.
Thank you in advance!
MongoDB doesn't have foreign keys (as you have presumably noticed). Fundamentally the answer is therefore, "Don't let users tamper with the requests. Only let the application insert data that follows your referential integrity rules."
MongoDB is great in lots of ways... but if you find that you need foreign keys, then it's probably not the correct solution to your problem.
这篇关于如何在NoSql数据库(MongoDB)中实施外键?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
