Is there any guideline on sanitizing the query term for RediSearch, e.g. certain characters such as * at the end of a term or @ - at start of term have special purposes in the query syntax and would be good to strip some/all of them out for queries where the special purpose doesn't apply. Also, I'm wondering if there are any security implications of passing in arbitrary query strings.
Sanitizing a query for RediSearch
673 Views Asked by mahemoff At
1
There are 1 best solutions below
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in SEARCH
- SQL weight rows by formula
- If Input is focused trigger X else trigger Y
- laravel full-text search with multiple keywords together
- Login form by using a new database, made in VB
- How to search for overloaded methods in a class
- Modifying Tries code in Java
- Doing a multi-column search for an item in a listView control using c#
- T SQL wildcard searching for a zip code
- django rest framework search filter all fields
- how to filter search result with dropdown list in php
- PHP/MySQL search... show all data by default, or show matched data
- Oracle multiple REPLACE options in REGEXP_REPLACE
- Is there a way to get all complete sentences that a search engine (e.g. Google) has indexed that contain two search terms?
- How to search a unknown composite key for dictionary in O(1) in c#
- android java search listview clickedItem
Related Questions in REDIS
- start redis with supervisor
- How to do Mass insertion in Redis using JAVA?
- RedisResponseException: Unknown reply on multi-request
- Redis / Get all keys & values from redis with prefix
- Remove a member from multiple sets in Redis
- Using memcached or Redis on aws-elasticache
- Get Socket Object by Id with node, redis-adapter and socket.io
- how can i save a complex json as string in redis and retrieve it as unescaped legit json object
- How to specify versions on PIP when installing a python package with it's dependencies
- Eloquent model for Redis
- Is exists check required before calling StringSet method of StrackExchange.Redis
- Predis: Pros and Cons of the two cluster strategies
- hmset redis with result from mysqlDB
- does redis cluster support transactions ?
- How change redis to be persistent
Related Questions in SANITIZE
- Sanitizing preg_match via Request in Laravel 5 not working as it should
- PHP with PDO: Compare santized input (filter_var) with prepared statement data
- Sanitize Array inside save_post
- Sanitizing sentence in PHP with preg_replace
- Injecting JavaScript into HTML while bypassing Rails Sanitize
- CakePHP sanitize parameter
- Are there any better alternatives to Sanitize for a Ruby app?
- Rails DON'T sanitize
- WordPress - How to sanitize multi-line text from a textarea without losing line breaks?
- rails sanitize pops out of <p> tag
- Angular - How do I sanitize a style inside a plain typescript class?
- How to sanitize a df according to specific variable values?
- Sanitize inputs to external process
- jQuery sanitizing comments and linkifying URLs
- Sanitize dynamic SQL query created by user. only SELECT allowed (no INSERT,UPDATE,DELETE,DROP, EXEC, etc...)
Related Questions in REDISEARCH
- How to retrieve data from RediSearch with Rust?
- Cannot create vector index in redis
- Redisearch full text index not working with Python client
- Range query in Redisearch with Python client
- Redis Redisearch Aggregate GroupBy multiple column
- How can we perform "Prefix Matching" in Redisearch over numbers?
- Redisearch, how to make it search faster?
- rediSearch Cannot create index on db != 0?
- How to get all the documents from an index in Redisearch?
- Redis issue on module-redis-fork
- Trying to run redisearch-go client example and wont compile
- Using RediSearch: Module Disabled in Open Source Redis
- How to run RediSearch module with Redis on WSL (Windows Subsystem for Linux)
- How to store dates/times in RediSearch
- Request specific fields (not all fields) with RediSearch
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Re security - no, redis itself makes sure that injection is impossible. You might want to check the limits on string lengths etc. At worst (barring bugs) a badly formed query will cause a syntax error to be returned.
Re syntax - yes, make sure the reserved symbols like
@!{}()|-=>are either escaped or stripped.