{"id":1974,"date":"2015-09-29T22:20:49","date_gmt":"2015-09-29T22:20:49","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=1974"},"modified":"2025-06-13T23:47:41","modified_gmt":"2025-06-14T06:47:41","slug":"couchbase-and-n1ql-security-centeredgesoftware","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/pt\/couchbase-and-n1ql-security-centeredgesoftware\/","title":{"rendered":"Postagem de convidado da CenterEdge Software: Seguran\u00e7a do Couchbase e N1QL"},"content":{"rendered":"

Observa\u00e7\u00e3o: este \u00e9 um post convidado de Brant Burnett<\/a> de Software CenterEdge<\/a>A empresa desenvolve POS e software especializado para os setores de parques de divers\u00f5es, lazer e entretenimento.<\/strong><\/p>\n

Vis\u00e3o geral<\/h2>\n

O N1QL \u00e9 uma nova ferramenta incrivelmente poderosa que ajudar\u00e1 a levar os bancos de dados NoSQL a um grupo maior de desenvolvedores com uma curva de aprendizado muito menor. Isso ajudar\u00e1 os desenvolvedores a criar aplicativos avan\u00e7ados, robustos e de alto desempenho com mais rapidez e facilidade do que nunca. Por\u00e9m, com qualquer nova tecnologia, a \u00e1rea de superf\u00edcie para os hackers atacarem \u00e9 inerentemente maior.<\/p>\n

A inje\u00e7\u00e3o de SQL \u00e9 uma falha de seguran\u00e7a bem conhecida, comumente encontrada em aplicativos baseados em SQL, e tem sido muito bem documentada ao longo dos anos. Ent\u00e3o, como o N1QL se compara ao SQL em termos de seguran\u00e7a? O N1QL tamb\u00e9m \u00e9 vulner\u00e1vel a ataques de inje\u00e7\u00e3o? Em caso afirmativo, como os desenvolvedores podem evitar essas armadilhas?<\/p>\n

Uma an\u00e1lise da inje\u00e7\u00e3o de SQL<\/h2>\n

A inje\u00e7\u00e3o de SQL \u00e9 uma forma de inje\u00e7\u00e3o de c\u00f3digo em que o usu\u00e1rio final pode adicionar c\u00f3digo malicioso \u00e0s consultas SQL que est\u00e3o sendo executadas pelo seu aplicativo. Um exemplo simples \u00e9 esta consulta:<\/p>\n

var query = \"SELECT * FROM users WHERE name ='\" + userName + \"'\";<\/code><\/pre>\n
Se o desenvolvedor n\u00e3o tomar medidas para proteger seu aplicativo, o usu\u00e1rio poder\u00e1 incluir texto malicioso no campo userName. Por exemplo:<\/p>\n
SELECT * FROM users WHERE name = '' OR '1'='1';<\/code><\/pre>\n
Essa consulta resulta da inser\u00e7\u00e3o pelo usu\u00e1rio de \"' OR '1'='1\". Agora, a consulta retornar\u00e1 todos os usu\u00e1rios do sistema para o usu\u00e1rio mal-intencionado.<\/p>\n
Para permitir altera\u00e7\u00f5es mais poderosas na consulta, o usu\u00e1rio mal-intencionado tamb\u00e9m pode usar coment\u00e1rios para excluir parte da consulta do desenvolvedor. Amplia\u00e7\u00e3o do exemplo anterior:<\/p>\n
var query = \"SELECT * FROM users WHERE name = '\" + userName + \"' AND group = 5\";<\/code><\/pre>\n
Pode ser injetado com:<\/p>\n
SELECT * FROM users WHERE name = '' OR 1=1 --' AND group = 5<\/code><\/pre>\n
Como o SQL ignorar\u00e1 todo o texto ap\u00f3s \"-\", a restri\u00e7\u00e3o de que o grupo deve ser 5 foi removida da consulta. Mais uma vez, todos os usu\u00e1rios do sistema s\u00e3o retornados para o usu\u00e1rio mal-intencionado.<\/p>\n
O usu\u00e1rio tamb\u00e9m pode combinar os coment\u00e1rios com comandos em lote para alterar os dados em seu banco de dados:<\/p>\n
SELECT * FROM users WHERE name = 'blah'; DROP TABLE auditlog \/*\u2019AND group = 5<\/code><\/pre>\n
Como isso afeta o N1QL?<\/h2>\n
Ap\u00f3s alguns experimentos, o N1QL \u00e9 de fato mais resistente a ataques de inje\u00e7\u00e3o do que o SQL tradicional. Por exemplo, o N1QL n\u00e3o suporta atualmente o agrupamento de v\u00e1rios comandos. Portanto, n\u00e3o h\u00e1 equivalente aos ataques em lote que permitem modifica\u00e7\u00f5es maliciosas de dados em SQL. Por exemplo, este ataque de inje\u00e7\u00e3o, que poderia funcionar em SQL, \u00e9 rejeitado como sintaxe inv\u00e1lida:<\/p>\n
SELECT * FROM users WHERE name = ''; UPDATE users SET password = \u20181234\u2019; SELECT * FROM users WHERE name = ''\r\n<\/code><\/pre>\n
No entanto, ainda h\u00e1 op\u00e7\u00f5es para um usu\u00e1rio mal-intencionado realizar um ataque. Sem prote\u00e7\u00e3o, esses ataques podem resultar na permiss\u00e3o de acesso a dados protegidos ou na nega\u00e7\u00e3o de servi\u00e7o porque as consultas alteradas usam muito poder de processamento no cluster do Couchbase.<\/p>\n
Al\u00e9m disso, alguns recursos, como batching, certamente poder\u00e3o ser adicionados em uma vers\u00e3o futura do N1QL. Portanto, se os desenvolvedores n\u00e3o protegerem a entrada do usu\u00e1rio em suas consultas, a modifica\u00e7\u00e3o de dados poder\u00e1 se tornar um problema no futuro.<\/p>\n
Modifica\u00e7\u00f5es da cl\u00e1usula Where<\/h2>\n
Assim como na inje\u00e7\u00e3o de SQL, a inje\u00e7\u00e3o de N1QL permite a altera\u00e7\u00e3o da cl\u00e1usula WHERE. Por exemplo:<\/p>\n
var query = \"SELECT * FROM users WHERE name = '\" + userName + \"'\";<\/code><\/pre>\n
Pode se tornar:<\/p>\n
SELECT * FROM users WHERE name = '' OR '1'='1'\r\n<\/code><\/pre>\n
Devido \u00e0s regras de preced\u00eancia de operador para os operadores AND e OR, esse ataque pode at\u00e9 funcionar se houver cl\u00e1usulas adicionais:<\/p>\n
var query = \"SELECT * FROM users WHERE name LIKE '%\" userName + \"%' AND group = 5<\/code><\/pre>\n
Ainda retorna todos os usu\u00e1rios quando se torna:<\/p>\n
SELECT * FROM users WHERE name LIKE '%' OR ''='%' AND group = 5<\/code><\/pre>\n
Coment\u00e1rios N1QL<\/h2>\n
O sistema de coment\u00e1rios do N1QL usa blocos de coment\u00e1rios no estilo C (\/* comment *\/) em vez de usar \"-\" para comentar o restante da linha. Isso protege o N1QL de alguns dos ataques de inje\u00e7\u00e3o mais avan\u00e7ados. Como o N1QL exige um coment\u00e1rio de fechamento *\/, os invasores n\u00e3o podem comentar partes de sua consulta sem causar um erro de sintaxe.<\/p>\n
Observe, no entanto, que isso depende de o desenvolvedor n\u00e3o deixar coment\u00e1rios em sua consulta. Se houver um coment\u00e1rio no texto da consulta, o usu\u00e1rio agora tem um bloco de coment\u00e1rios de fechamento para usar a seu favor:<\/p>\n
var query = \"SELECT * FROM users WHERE name = '\" + userName + \"' AND group = 5 \/* only return group 5 *\/\";<\/code><\/pre>\n
Pode ser injetado com \"OR 1=1 \/*\":<\/p>\n
SELECT * FROM users WHERE name = '' OR 1=1 \/*' AND group = 5 \/* only return group 5 *\/<\/code><\/pre>\n
Como no exemplo do SQL, a restri\u00e7\u00e3o de grupo agora foi removida da consulta.<\/p>\n
Inje\u00e7\u00e3o de identificador N1QL<\/h2>\n
O modelo de documento sem esquema do Couchbase cria, na verdade, uma nova \u00e1rea de ataque interessante. Ao trabalhar com SQL, \u00e9 muito raro incluir a entrada do usu\u00e1rio em qualquer lugar, exceto na cl\u00e1usula WHERE ou ORDER BY da sua consulta. Isso ocorre porque os nomes das tabelas e colunas s\u00e3o bem conhecidos e n\u00e3o mudam.<\/p>\n
A falta de um esquema para os documentos do Couchbase, no entanto, significa que os desenvolvedores podem ficar tentados a permitir que o usu\u00e1rio controle quais campos est\u00e3o sendo selecionados no documento.<\/p>\n
var query = \"SELECT \" + field + \" FROM users WHERE type = 'user'\";<\/code><\/pre>\n
Ap\u00f3s a inje\u00e7\u00e3o, torna-se:<\/p>\n
SELECT name, (SELECT * FROM users as users2 USE KEYS users.userPasswordDocumentIds) as passwordDoc FROM users WHERE type = 'user'<\/code><\/pre>\n
Agora, o invasor tem acesso aos dados de um documento de senha relacionado que n\u00e3o estava no documento do usu\u00e1rio especificado pelo desenvolvedor.<\/p>\n
Como proteger seu aplicativo<\/h2>\n
Felizmente, \u00e9 t\u00e3o f\u00e1cil proteger seu aplicativo contra ataques de inje\u00e7\u00e3o N1QL quanto contra ataques de inje\u00e7\u00e3o SQL. Aqui est\u00e3o algumas diretrizes que facilitam a seguran\u00e7a. Os exemplos est\u00e3o em C#, mas os conceitos se aplicam igualmente a qualquer outra linguagem.<\/p>\n
    \n
  1. Melhores pr\u00e1ticas:<\/strong> Em vez de inserir a entrada do usu\u00e1rio diretamente na consulta, use par\u00e2metros nomeados ou posicionais como prote\u00e7\u00e3o. Dessa forma, a entrada do usu\u00e1rio nunca \u00e9 adicionada diretamente \u00e0 sua consulta, fornecendo prote\u00e7\u00e3o 100% contra todos os ataques de inje\u00e7\u00e3o.\n
    var query = \"SELECT * FROM users WHERE userName = '\" + userName + \"'\";<\/code><\/pre>\n
    Deveria ser:<\/p>\n
    var query = new QueryRequest(\"SELECT * FROM users WHERE userName = $userName\");\r\nquery.AddNamedParameter(\u201c$userName\u201d, userName);<\/code><\/pre>\n<\/li>\n
  2. Pr\u00e1tica recomendada #2:<\/strong> Use uma constru\u00e7\u00e3o de linguagem fortemente tipada, como POCOs .Net ou POJOs Java, que geram o texto da consulta. Por exemplo, a biblioteca Linq2Couchbase (https:\/\/github.com\/couchbaselabs\/Linq2Couchbase) lida com o escape adequado ao gerar N1QL a partir de consultas LINQ.<\/li>\n
  3. Se voc\u00ea inserir cadeias de caracteres de entrada do usu\u00e1rio na sua consulta, sempre escape das aspas.  Substitua qualquer inst\u00e2ncia de uma aspa simples (') por duas aspas simples (\").\n
    var query = \"SELECT * FROM users WHERE userName = '\" + userName + \"'\";<\/code><\/pre>\n
    Deveria ser:<\/p>\n
    var query = \"SELECT * FROM users WHERE userName = '\" + userName.Replace(\"'\", \"''\") + \"'\";<\/code><\/pre>\n<\/li>\n
  4. When inserting user input identifiers into your query, always escape the identifier with ticks (`). Then replace any instance of a tick in the input with two ticks (“). Note that there is no named parameter equivalent for identifiers, so escaping is the identifier is the best solution.\n
    var query = \"SELECT \" + field + \" FROM users WHERE group = 5\";<\/code><\/pre>\n
    Deveria ser:<\/p>\n
    var query = \"SELECT `\" + field.Replace(\"`\", \"``\") + \"` FROM users WHERE group = 5\";<\/code><\/pre>\n<\/li>\n
  5. Se voc\u00ea implementar as outras regras, tamb\u00e9m estar\u00e1 protegido contra ataques baseados em coment\u00e1rios.  No entanto, uma pol\u00edtica secund\u00e1ria contra coment\u00e1rios em consultas que contenham entradas do usu\u00e1rio pode oferecer prote\u00e7\u00e3o adicional caso um desenvolvedor esque\u00e7a as outras regras. Em vez disso, basta colocar todos os coment\u00e1rios no c\u00f3digo do aplicativo em vez de na pr\u00f3pria consulta.\n
    var query = \"SELECT * FROM users WHERE userName = '\" + userName + \"' AND group = 5 \/* only return group 5 *\/\";<\/code><\/pre>\n
    Deveria ser:<\/p>\n
    var query = \"SELECT * FROM users WHERE userName = '\" + userName.Replace(\"'\", \"''\u201d) + \"' AND group = 5\"; \/\/ only return group 5<\/code><\/pre>\n<\/li>\n<\/ol>\n
    Para ver exemplos desses ataques e seus m\u00e9todos de prote\u00e7\u00e3o no C#, consulte este reposit\u00f3rio do GitHub: https:\/\/github.com\/brantburnett\/N1QlInjection<\/a>. Observe que voc\u00ea precisar\u00e1 do Couchbase instalado localmente e com o beer-sample instalado para executar os testes.<\/p>\n
    Conclus\u00e3o<\/h2>\n
    Embora o N1QL seja vulner\u00e1vel a ataques de inje\u00e7\u00e3o, essa vulnerabilidade n\u00e3o \u00e9 pior do que as vulnerabilidades bem conhecidas do SQL. Al\u00e9m disso, \u00e9 muito f\u00e1cil para os desenvolvedores se protegerem contra ataques de inje\u00e7\u00e3o. Portanto, o N1QL oferece uma excelente plataforma para o desenvolvimento de aplicativos seguros usando os bancos de dados NoSQL do Couchbase.<\/p>","protected":false},"excerpt":{"rendered":"
    Note: this is a guest post by Brant Burnett of CenterEdge Software, a company which developes POS and specialty software for the amusement park, leisure and entertainment industries. Overview N1QL is an incredibly powerful new tool which will help to […]<\/p>","protected":false},"author":21,"featured_media":13873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1811,10127,1813,1812,2201],"tags":[],"ppma_author":[8970],"class_list":["post-1974","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet","category-c-sharp","category-security","category-n1ql-query","category-tools-sdks"],"acf":[],"yoast_head":"\nGuest post from CenterEdge Software- The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/pt\/couchbase-and-n1ql-security-centeredgesoftware\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Guest post from CenterEdge Software: Couchbase and N1QL Security\" \/>\n<meta property=\"og:description\" content=\"Note: this is a guest post by Brant Burnett of CenterEdge Software, a company which developes POS and specialty software for the amusement park, leisure and entertainment industries. Overview N1QL is an incredibly powerful new tool which will help to […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/pt\/couchbase-and-n1ql-security-centeredgesoftware\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2015-09-29T22:20:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T06:47:41+00:00\" \/>\n<meta name=\"author\" content=\"Jeff Morris, Senior Software Engineer, Couchbase\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@jeffrysmorris\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Morris, Senior Software Engineer, Couchbase\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\"},\"author\":{\"name\":\"Jeff Morris, Senior Software Engineer, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/b678bdd9f7b21a33d43ea965865a3341\"},\"headline\":\"Guest post from CenterEdge Software: Couchbase and N1QL Security\",\"datePublished\":\"2015-09-29T22:20:49+00:00\",\"dateModified\":\"2025-06-14T06:47:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\"},\"wordCount\":1066,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"articleSection\":[\".NET\",\"C#\",\"Security\",\"SQL++ \/ N1QL Query\",\"Tools & SDKs\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\",\"name\":\"Guest post from CenterEdge Software- The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"datePublished\":\"2015-09-29T22:20:49+00:00\",\"dateModified\":\"2025-06-14T06:47:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"width\":1800,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Guest post from CenterEdge Software: Couchbase and N1QL Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/b678bdd9f7b21a33d43ea965865a3341\",\"name\":\"Jeff Morris, Senior Software Engineer, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/73188ee2831025d81740e12e1ed80812\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g\",\"caption\":\"Jeff Morris, Senior Software Engineer, Couchbase\"},\"description\":\"Jeff Morris is a Senior Software Engineer at Couchbase. Prior to joining Couchbase, Jeff spent six years at Source Interlink as an Enterprise Web Architect. Jeff is responsible for the development of Couchbase SDKs and how to integrate with N1QL (query language).\",\"sameAs\":[\"https:\/\/x.com\/jeffrysmorris\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/pt\/author\/jeff-morris\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Guest post from CenterEdge Software- The Couchbase Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/pt\/couchbase-and-n1ql-security-centeredgesoftware\/","og_locale":"pt_BR","og_type":"article","og_title":"Guest post from CenterEdge Software: Couchbase and N1QL Security","og_description":"Note: this is a guest post by Brant Burnett of CenterEdge Software, a company which developes POS and specialty software for the amusement park, leisure and entertainment industries. Overview N1QL is an incredibly powerful new tool which will help to […]","og_url":"https:\/\/www.couchbase.com\/blog\/pt\/couchbase-and-n1ql-security-centeredgesoftware\/","og_site_name":"The Couchbase Blog","article_published_time":"2015-09-29T22:20:49+00:00","article_modified_time":"2025-06-14T06:47:41+00:00","author":"Jeff Morris, Senior Software Engineer, Couchbase","twitter_card":"summary_large_image","twitter_creator":"@jeffrysmorris","twitter_misc":{"Written by":"Jeff Morris, Senior Software Engineer, Couchbase","Est. reading time":"7 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/"},"author":{"name":"Jeff Morris, Senior Software Engineer, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/b678bdd9f7b21a33d43ea965865a3341"},"headline":"Guest post from CenterEdge Software: Couchbase and N1QL Security","datePublished":"2015-09-29T22:20:49+00:00","dateModified":"2025-06-14T06:47:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/"},"wordCount":1066,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","articleSection":[".NET","C#","Security","SQL++ \/ N1QL Query","Tools & SDKs"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/","url":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/","name":"Guest post from CenterEdge Software- The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","datePublished":"2015-09-29T22:20:49+00:00","dateModified":"2025-06-14T06:47:41+00:00","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","width":1800,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Guest post from CenterEdge Software: Couchbase and N1QL Security"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"Blog do Couchbase","description":"Couchbase, o banco de dados NoSQL","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"Blog do Couchbase","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/b678bdd9f7b21a33d43ea965865a3341","name":"Jeff Morris, engenheiro de software s\u00eanior, Couchbase","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/73188ee2831025d81740e12e1ed80812","url":"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g","caption":"Jeff Morris, Senior Software Engineer, Couchbase"},"description":"Jeff Morris \u00e9 engenheiro de software s\u00eanior da Couchbase. Antes de ingressar na Couchbase, Jeff passou seis anos na Source Interlink como arquiteto da Web corporativa. Jeff \u00e9 respons\u00e1vel pelo desenvolvimento dos SDKs do Couchbase e pela integra\u00e7\u00e3o com o N1QL (linguagem de consulta).","sameAs":["https:\/\/x.com\/jeffrysmorris"],"url":"https:\/\/www.couchbase.com\/blog\/pt\/author\/jeff-morris\/"}]}},"authors":[{"term_id":8970,"user_id":21,"is_guest":0,"slug":"jeff-morris","display_name":"Jeff Morris, Senior Software Engineer, Couchbase","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g","author_category":"","last_name":"Jeff Morris, Senior Software Engineer, Couchbase","first_name":"Jeff","job_title":"","user_url":"","description":"Jeff Morris \u00e9 engenheiro de software s\u00eanior da Couchbase. Antes de ingressar na Couchbase, Jeff passou seis anos na Source Interlink como arquiteto da Web corporativa. Jeff \u00e9 respons\u00e1vel pelo desenvolvimento dos SDKs do Couchbase e pela integra\u00e7\u00e3o com o N1QL (linguagem de consulta)."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/1974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/comments?post=1974"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/1974\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media\/13873"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media?parent=1974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/categories?post=1974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/tags?post=1974"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/ppma_author?post=1974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}