Received: by 10.224.198.9 with SMTP id em9mr13832658qab.3.1326597139031;
        Sat, 14 Jan 2012 19:12:19 -0800 (PST)
X-BeenThere: mongodb-dev@googlegroups.com
Received: by 10.229.42.78 with SMTP id r14ls6661558qce.5.gmail; Sat, 14 Jan
 2012 19:12:17 -0800 (PST)
Received: by 10.224.188.147 with SMTP id da19mr13799432qab.8.1326597137795;
        Sat, 14 Jan 2012 19:12:17 -0800 (PST)
Received: by 10.224.188.147 with SMTP id da19mr13799431qab.8.1326597137788;
        Sat, 14 Jan 2012 19:12:17 -0800 (PST)
Return-Path: <s...@sidneysm.com>
Received: from mail-qw0-f50.google.com (mail-qw0-f50.google.com [209.85.216.50])
        by gmr-mx.google.com with ESMTPS id z3si9955695qcr.1.2012.01.14.19.12.17
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sat, 14 Jan 2012 19:12:17 -0800 (PST)
Received-SPF: neutral (google.com: 209.85.216.50 is neither permitted nor denied by best guess record for domain of s...@sidneysm.com) client-ip=209.85.216.50;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 209.85.216.50 is neither permitted nor denied by best guess record for domain of s...@sidneysm.com) smtp.mai...@sidneysm.com; dkim=pass header...@sidneysm.com
Received: by qabg27 with SMTP id g27so741446qab.9
        for <mongodb-dev@googlegroups.com>; Sat, 14 Jan 2012 19:12:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sidneysm.com; s=google;
        h=content-type:mime-version:subject:from:in-reply-to:date
         :content-transfer-encoding:message-id:references:to:x-mailer;
        bh=b9hiu69eD+teNN31c+a3s2DxdbVFxb9L5zoP8ZEHydE=;
        b=D9MTy8eGWH5txlQTZSJR3isUwHSqzCYFsQp9Z5x6jZJ9Af2cZq3B5fVmxrY8+2eDDw
         iygpADZL09g168u+wgFGR58aMHPznvwwEKVX7Ynewf5vcJexEjqt4NqL7vWVViQ/XN4B
         sJZrKotu7ststj/AdPnp0kIzg1ZTO1mtzfF98=
Received: by 10.224.10.19 with SMTP id n19mr8460408qan.68.1326597137500;
        Sat, 14 Jan 2012 19:12:17 -0800 (PST)
Return-Path: <s...@sidneysm.com>
Received: from [192.168.1.5] (ool-43536f0d.dyn.optonline.net. [67.83.111.13])
        by mx.google.com with ESMTPS id co15sm27466147qab.1.2012.01.14.19.12.16
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sat, 14 Jan 2012 19:12:16 -0800 (PST)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Apple Message framework v1251.1)
Subject: Re: [mongodb-dev] $eq, $gt, $in, etc. and injection
From: =?iso-8859-1?Q?Sidney_San_Mart=EDn?= <s...@sidneysm.com>
In-Reply-To: <CALOM=qj3=xBN6fYYExYv0XdtwyscKHW49i4eKZyDEM8=W=D...@mail.gmail.com>
Date: Sat, 14 Jan 2012 22:12:15 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <CD2C6DF0-7A74-4E21-B8FD-4DCE5427B...@sidneysm.com>
References: <9898605.423.1323557408847.JavaMail.geo-discussion-forums@yqcd41> <CAHWLjBD9onvfeSofXhFcy3g5fjJ5nAOgSo9yqyMJEHFnaaS...@mail.gmail.com> <CALOM=qidCD0C9mTM+TrkWSqvTdASPiCwjoaqR942xP9=6f-...@mail.gmail.com> <20377323.408.1323664578507.JavaMail.geo-discussion-forums@yqiw17> <CA+d+gT4aLDzaBcYMti=edCLnEAr6exANT_F-2kZ2biQw9zg...@mail.gmail.com> <AFE203F5-C7B2-451C-B814-E1A995CAC...@sidneysm.com> <CACgri=voivfu5f_b6UMbTmKO0t-kHQg+fYTUnPZKKkN6YoF...@mail.gmail.com> <1FBF6281-925A-4C5E-BE9B-89A984911...@sidneysm.com> <CALOM=qj3=xBN6fYYExYv0XdtwyscKHW49i4eKZyDEM8=W=D...@mail.gmail.com>
To: mongodb-dev@googlegroups.com
X-Mailer: Apple Mail (2.1251.1)

On Jan 14, 2012, at 8:54 PM, Scott Hernandez wrote:
> Maybe the basic misunderstanding.her is that the drivers do not send =
queries as strings to the server but instead send bson. The server does =
not evaluate strings as structured elements, with a few exceptions.

Absolutely, and that=92s something that I love about MongoDB.

Is it reasonable for me to argue that untrusted inputs aren=92t =
necessarily strings either?