如何在 NoSql 数据库 (MongoDB) 中强制执行外键? [英] How to enforce foreign keys in NoSql databases (MongoDB)?

问题描述

假设我有一个文档集合，例如:

Let's say I have a collection of documents such as:

{ "_id" : 0 , "owner":0 "name":"Doc1"},{ "_id" : 1 , "owner":1, "name":"Doc1"}, etc

另一方面，所有者表示为一个单独的集合:

And, on the other hand the owners are represented as a separate collection:

{ "_id" : 0 , "username":"John"}, { "_id" : 1 , "username":"Sam"}

如何确保在插入文档时以正确的方式引用用户.在老式 RDBMS 中，这可以使用外键轻松完成.

How can I make sure that, when I insert a document it references the user in a correct way. In old-school RDBMS this could easily be done using a Foreign Key.

我知道我可以从我的业务代码中检查插入的正确性，但是如果攻击者篡改了我对服务器的请求并将owner"设置为 100，并且 Mongo 不会抛出任何异常，该怎么办.

I know that I can check the correctness of insertion from my business code, BUT what if an attacker tampers with my request to the server and puts "owner" : 100, and Mongo doesn't throw any exception back.

我想知道在实际应用程序中应该如何处理这种情况.

I would like to know how this situation should be handled in a real-word application.

先谢谢你！

推荐答案

MongoDB 没有外键(您可能已经注意到了).因此，从根本上说，答案是不要让用户篡改请求.只让应用程序插入遵循您的参照完整性规则的数据."

MongoDB doesn't have foreign keys (as you have presumably noticed). Fundamentally the answer is therefore, "Don't let users tamper with the requests. Only let the application insert data that follows your referential integrity rules."

MongoDB 在很多方面都很棒……但是如果您发现需要外键，那么它可能不是您问题的正确解决方案.

MongoDB is great in lots of ways... but if you find that you need foreign keys, then it's probably not the correct solution to your problem.

这篇关于如何在 NoSql 数据库 (MongoDB) 中强制执行外键?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！