Let’s say I have a collection of documents such as: { _id : 0

Question

0

Asked: May 26, 20262026-05-26T23:53:46+00:00 2026-05-26T23:53:46+00:00

Let’s say I have a collection of documents such as: { _id : 0

0

Let’s say I have a collection of documents such as:

{ "_id" : 0 , "owner":0 "name":"Doc1"},{ "_id" : 1 , "owner":1, "name":"Doc1"}, etc

And, on the other hand the owners are represented as a separate collection:

{ "_id" : 0 , "username":"John"}, { "_id" : 1 , "username":"Sam"}

How can I make sure that, when I insert a document it references the user in a correct way. In old-school RDBMS this could easily be done using a Foreign Key.

I know that I can check the correctness of insertion from my business code, BUT what if an attacker tampers with my request to the server and puts “owner” : 100, and Mongo doesn’t throw any exception back.

I would like to know how this situation should be handled in a real-word application.

Thank you in advance!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T23:53:47+00:00

Editorial Team

2026-05-26T23:53:47+00:00Added an answer on May 26, 2026 at 11:53 pm

MongoDB doesn’t have foreign keys (as you have presumably noticed). Fundamentally the answer is therefore, “Don’t let users tamper with the requests. Only let the application insert data that follows your referential integrity rules.”

MongoDB is great in lots of ways… but if you find that you need foreign keys, then it’s probably not the correct solution to your problem.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Let’s say I have a collection of documents such as: { _id : 0

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply