{"id":1974,"date":"2015-09-29T22:20:49","date_gmt":"2015-09-29T22:20:49","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=1974"},"modified":"2025-06-13T23:47:41","modified_gmt":"2025-06-14T06:47:41","slug":"couchbase-and-n1ql-security-centeredgesoftware","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/","title":{"rendered":"Guest post from CenterEdge Software: Couchbase and N1QL Security"},"content":{"rendered":"<p><strong>Note: this is a guest post by <a href=\"mailto:bburnett@centeredgesoftware.com\">Brant Burnett<\/a> of <a href=\"https:\/\/centeredgesoftware.com\/\" target=\"_blank\" rel=\"noopener\">CenterEdge Software<\/a>, a company which developes POS and specialty software for the amusement park, leisure and entertainment industries.<\/strong><\/p>\n<h2>Overview<\/h2>\n<p>N1QL is an incredibly powerful new tool which will help to bring NoSQL databases to a wider pool of developers with a much shallower learning curve. \u00a0This will help developers create advanced, performant, and robust applications more quickly and easily than ever before. \u00a0But with any new technology, the surface area for hackers to attack is inherently increased.<\/p>\n<p>SQL injection is a well known security flaw commonly found in SQL-based applications, and has been very well documented over the years. \u00a0So how does N1QL compare to SQL in terms of security? \u00a0Is N1QL vulnerable to injection attacks as well? If so, how can developers avoid these pitfalls?<\/p>\n<h2>A Review of SQL Injection<\/h2>\n<p>SQL injection is a form of code injection where the end user can add malicious code to SQL queries being run by your application. A simple example is this query:<\/p>\n<pre><code class=\"language-cs\">var query = \"SELECT * FROM users WHERE name ='\" + userName + \"'\";<\/code><\/pre>\n<p>If the developer doesn&#8217;t take steps to protect their application, the user may include malicious text in the userName field. For example:<\/p>\n<pre><code class=\"language-sql\">SELECT * FROM users WHERE name = '' OR '1'='1';<\/code><\/pre>\n<p>This query results from the user inputting &#8220;&#8216; OR &#8216;1&#8217;=&#8217;1&#8221;. Now the query will return all users in the system to the malicious user.<\/p>\n<p>To allow more powerful query alterations, the malicious user might also use comments to exclude part of the developer&#8217;s query. Extending the previous example:<\/p>\n<pre><code class=\"language-sql\">var query = \"SELECT * FROM users WHERE name = '\" + userName + \"' AND group = 5\";<\/code><\/pre>\n<p>Could be injected with:<\/p>\n<pre><code class=\"language-sql\">SELECT * FROM users WHERE name = '' OR 1=1 --' AND group = 5<\/code><\/pre>\n<p>Since SQL will ignore all text after &#8220;&#8211;&#8220;, the restriction that group must be 5 is now removed from the query. Once again, all users in the system are returned to the malicious user.<\/p>\n<p>The user might also combine the comments with batch commands to alter data in your database:<\/p>\n<pre><code class=\"language-sql\">SELECT * FROM users WHERE name = 'blah'; DROP TABLE auditlog \/*\u2019AND group = 5<\/code><\/pre>\n<h2>How Does This Affect N1QL?<\/h2>\n<p>After some experimentation, N1QL is actually more resistant to injection attacks than traditional SQL. For example, N1QL doesn\u2019t currently support batching multiple commands. Therefore there is no equivalent to the batch attacks that allow malicious modifications of data in SQL. For example, this injection attack, which could work in SQL, is rejected as invalid syntax:<\/p>\n<pre><code class=\"language-sql\">SELECT * FROM users WHERE name = ''; UPDATE users SET password = \u20181234\u2019; SELECT * FROM users WHERE name = ''\r\n<\/code><\/pre>\n<p>However, there are still options for a malicious user to perform an attack. Without protection these attacks could result in allowing access to secured data, or denial of service because the altered queries use too much processing power on the Couchbase cluster.<\/p>\n<p>Additionally, some features such as batching could certainly be added in a future version of N1QL. So if developers don\u2019t protect user input in their queries data modification could become a problem in the future.<\/p>\n<h2>Where Clause Modifications<\/h2>\n<p>As with SQL injection, N1QL injection allows the alteration of the WHERE clause. For example:<\/p>\n<pre><code class=\"language-sql\">var query = \"SELECT * FROM users WHERE name = '\" + userName + \"'\";<\/code><\/pre>\n<p>Can become:<\/p>\n<pre><code class=\"language-sql\">SELECT * FROM users WHERE name = '' OR '1'='1'\r\n<\/code><\/pre>\n<p>Due to operator precedence rules for the AND and OR operators, this attack can even work if there are additional clauses:<\/p>\n<pre><code class=\"language-sql\">var query = \"SELECT * FROM users WHERE name LIKE '%\" userName + \"%' AND group = 5<\/code><\/pre>\n<p>Still returns all users when it becomes:<\/p>\n<pre><code class=\"language-sql\">SELECT * FROM users WHERE name LIKE '%' OR ''='%' AND group = 5<\/code><\/pre>\n<h2>N1QL Comments<\/h2>\n<p>N1QL&#8217;s comment system uses C style comment blocks (\/* comment *\/) instead of using &#8220;&#8211;&#8221; to comment out the remainder of the line. This protects N1QL from some of the more advanced injection attacks. Since N1QL requires a closing comment *\/, attackers can&#8217;t comment out parts of your query without causing a syntax error.<\/p>\n<p>Note, however, that this depends on the developer not leaving comments in their query. If there is a comment in the query text, the user now has a closing comment block to use to their advantage:<\/p>\n<pre><code class=\"language-sql\">var query = \"SELECT * FROM users WHERE name = '\" + userName + \"' AND group = 5 \/* only return group 5 *\/\";<\/code><\/pre>\n<p>Can be injected with &#8220;OR 1=1 \/*&#8221;:<\/p>\n<pre><code class=\"language-sql\">SELECT * FROM users WHERE name = '' OR 1=1 \/*' AND group = 5 \/* only return group 5 *\/<\/code><\/pre>\n<p>As in the SQL example, the group restriction is now removed from the query.<\/p>\n<h2>N1QL Identifier Injection<\/h2>\n<p>Couchbase&#8217;s schemaless document model actually creates an interesting new area of attack. When working with SQL, it&#8217;s very rare to include user input anywhere except the WHERE or ORDER BY clause of your query. This is because the table and column names are well known and don&#8217;t change.<\/p>\n<p>The lack of a schema for Couchbase documents, however, means that developers might be tempted to allow the user to control which fields they&#8217;re selecting from the document.<\/p>\n<pre><code class=\"language-cs\">var query = \"SELECT \" + field + \" FROM users WHERE type = 'user'\";<\/code><\/pre>\n<p>After injection becomes:<\/p>\n<pre><code class=\"language-sql\">SELECT name, (SELECT * FROM users as users2 USE KEYS users.userPasswordDocumentIds) as passwordDoc FROM users WHERE type = 'user'<\/code><\/pre>\n<p>Now the attacker has access to data from a related password document that was not in the user document the developer specified.<\/p>\n<h2>How To Protect Your Application<\/h2>\n<p>Fortunately, it&#8217;s just as easy to protect your application from N1QL injection attacks as it is from SQL injection attacks. Here are some guidelines that make security easy. The examples are in C#, but the concepts apply just as well to any other language.<\/p>\n<ol>\n<li><strong>Best practice:<\/strong> Instead of inserting user input directly into your query, used named or positional parameters as protection. This way user input is never directly added to your query, providing 100% protection against all injection attacks.\n<pre><code class=\"language-cs\">var query = \"SELECT * FROM users WHERE userName = '\" + userName + \"'\";<\/code><\/pre>\n<p>Should be:<\/p>\n<pre><code class=\"language-cs\">var query = new QueryRequest(\"SELECT * FROM users WHERE userName = $userName\");\r\nquery.AddNamedParameter(\u201c$userName\u201d, userName);<\/code><\/pre>\n<\/li>\n<li><strong>Best Practice #2:<\/strong> Use a strongly typed language construct, such as .Net POCOs or Java POJOs, that generate the query text. For example, the Linq2Couchbase library (https:\/\/github.com\/couchbaselabs\/Linq2Couchbase) handles proper escaping when generating N1QL from LINQ queries.<\/li>\n<li>If you do insert user input strings into your query, always escape quotes. \u00a0Replace any instance of a single quote (&#8216;) with two single quotes (&#8221;).\n<pre><code class=\"language-cs\">var query = \"SELECT * FROM users WHERE userName = '\" + userName + \"'\";<\/code><\/pre>\n<p>Should be:<\/p>\n<pre><code class=\"language-cs\">var query = \"SELECT * FROM users WHERE userName = '\" + userName.Replace(\"'\", \"''\") + \"'\";<\/code><\/pre>\n<\/li>\n<li>When inserting user input identifiers into your query, always escape the identifier with ticks (`). Then replace any instance of a tick in the input with two ticks (&#8220;). Note that there is no named parameter equivalent for identifiers, so escaping is the identifier is the best solution.\n<pre><code class=\"language-cs\">var query = \"SELECT \" + field + \" FROM users WHERE group = 5\";<\/code><\/pre>\n<p>Should be:<\/p>\n<pre><code class=\"language-cs\">var query = \"SELECT `\" + field.Replace(\"`\", \"``\") + \"` FROM users WHERE group = 5\";<\/code><\/pre>\n<\/li>\n<li>If you implement the other rules, you&#8217;re protected against comment based attacks as well. \u00a0However, a secondary policy against comments in queries that contain user input can provide additional protection in case a developer forgets the other rules. Instead, just put any comments in application code instead of the query itself.\n<pre><code class=\"language-cs\">var query = \"SELECT * FROM users WHERE userName = '\" + userName + \"' AND group = 5 \/* only return group 5 *\/\";<\/code><\/pre>\n<p>Should be:<\/p>\n<pre><code class=\"language-cs\">var query = \"SELECT * FROM users WHERE userName = '\" + userName.Replace(\"'\", \"''\u201d) + \"' AND group = 5\"; \/\/ only return group 5<\/code><\/pre>\n<\/li>\n<\/ol>\n<p>To see examples of these attacks and their protection methods in C#, please see this GitHub repo: <a href=\"https:\/\/github.com\/brantburnett\/N1QlInjection\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/brantburnett\/N1QlInjection<\/a>. Note that you will need Couchbase installed locally and with beer-sample installed to run the tests.<\/p>\n<h2>Conclusion<\/h2>\n<p>While N1QL is vulnerable to injection attacks, this vulnerability is no worse than well known vulnerabilities in SQL. Additionally, it is very easy for developers to protect against injection attacks. Therefore, N1QL provides an excellent platform for developing secure applications using Couchbase NoSQL databases.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Note: this is a guest post by Brant Burnett of CenterEdge Software, a company which developes POS and specialty software for the amusement park, leisure and entertainment industries. Overview N1QL is an incredibly powerful new tool which will help to [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":13873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1811,10127,1813,1812,2201],"tags":[],"ppma_author":[8970],"class_list":["post-1974","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet","category-c-sharp","category-security","category-n1ql-query","category-tools-sdks"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Guest post from CenterEdge Software- The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Guest post from CenterEdge Software: Couchbase and N1QL Security\" \/>\n<meta property=\"og:description\" content=\"Note: this is a guest post by Brant Burnett of CenterEdge Software, a company which developes POS and specialty software for the amusement park, leisure and entertainment industries. Overview N1QL is an incredibly powerful new tool which will help to [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2015-09-29T22:20:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T06:47:41+00:00\" \/>\n<meta name=\"author\" content=\"Jeff Morris, Senior Software Engineer, Couchbase\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@jeffrysmorris\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Morris, Senior Software Engineer, Couchbase\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\"},\"author\":{\"name\":\"Jeff Morris, Senior Software Engineer, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/b678bdd9f7b21a33d43ea965865a3341\"},\"headline\":\"Guest post from CenterEdge Software: Couchbase and N1QL Security\",\"datePublished\":\"2015-09-29T22:20:49+00:00\",\"dateModified\":\"2025-06-14T06:47:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\"},\"wordCount\":1066,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"articleSection\":[\".NET\",\"C#\",\"Security\",\"SQL++ \/ N1QL Query\",\"Tools &amp; SDKs\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\",\"name\":\"Guest post from CenterEdge Software- The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"datePublished\":\"2015-09-29T22:20:49+00:00\",\"dateModified\":\"2025-06-14T06:47:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"width\":1800,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Guest post from CenterEdge Software: Couchbase and N1QL Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/b678bdd9f7b21a33d43ea965865a3341\",\"name\":\"Jeff Morris, Senior Software Engineer, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/73188ee2831025d81740e12e1ed80812\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g\",\"caption\":\"Jeff Morris, Senior Software Engineer, Couchbase\"},\"description\":\"Jeff Morris is a Senior Software Engineer at Couchbase. Prior to joining Couchbase, Jeff spent six years at Source Interlink as an Enterprise Web Architect. Jeff is responsible for the development of Couchbase SDKs and how to integrate with N1QL (query language).\",\"sameAs\":[\"https:\/\/x.com\/jeffrysmorris\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/jeff-morris\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Guest post from CenterEdge Software- The Couchbase Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/","og_locale":"en_US","og_type":"article","og_title":"Guest post from CenterEdge Software: Couchbase and N1QL Security","og_description":"Note: this is a guest post by Brant Burnett of CenterEdge Software, a company which developes POS and specialty software for the amusement park, leisure and entertainment industries. Overview N1QL is an incredibly powerful new tool which will help to [&hellip;]","og_url":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/","og_site_name":"The Couchbase Blog","article_published_time":"2015-09-29T22:20:49+00:00","article_modified_time":"2025-06-14T06:47:41+00:00","author":"Jeff Morris, Senior Software Engineer, Couchbase","twitter_card":"summary_large_image","twitter_creator":"@jeffrysmorris","twitter_misc":{"Written by":"Jeff Morris, Senior Software Engineer, Couchbase","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/"},"author":{"name":"Jeff Morris, Senior Software Engineer, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/b678bdd9f7b21a33d43ea965865a3341"},"headline":"Guest post from CenterEdge Software: Couchbase and N1QL Security","datePublished":"2015-09-29T22:20:49+00:00","dateModified":"2025-06-14T06:47:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/"},"wordCount":1066,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","articleSection":[".NET","C#","Security","SQL++ \/ N1QL Query","Tools &amp; SDKs"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/","url":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/","name":"Guest post from CenterEdge Software- The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","datePublished":"2015-09-29T22:20:49+00:00","dateModified":"2025-06-14T06:47:41+00:00","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","width":1800,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-and-n1ql-security-centeredgesoftware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Guest post from CenterEdge Software: Couchbase and N1QL Security"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/b678bdd9f7b21a33d43ea965865a3341","name":"Jeff Morris, Senior Software Engineer, Couchbase","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/73188ee2831025d81740e12e1ed80812","url":"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g","caption":"Jeff Morris, Senior Software Engineer, Couchbase"},"description":"Jeff Morris is a Senior Software Engineer at Couchbase. Prior to joining Couchbase, Jeff spent six years at Source Interlink as an Enterprise Web Architect. Jeff is responsible for the development of Couchbase SDKs and how to integrate with N1QL (query language).","sameAs":["https:\/\/x.com\/jeffrysmorris"],"url":"https:\/\/www.couchbase.com\/blog\/author\/jeff-morris\/"}]}},"authors":[{"term_id":8970,"user_id":21,"is_guest":0,"slug":"jeff-morris","display_name":"Jeff Morris, Senior Software Engineer, Couchbase","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/5f910befdbd58de8bac85293df7f544680843061ecc921ba7d293d6d52076ab3?s=96&d=mm&r=g","author_category":"","last_name":"Jeff Morris, Senior Software Engineer, Couchbase","first_name":"Jeff","job_title":"","user_url":"","description":"Jeff Morris is a Senior Software Engineer at Couchbase. Prior to joining Couchbase, Jeff spent six years at Source Interlink as an Enterprise Web Architect. Jeff is responsible for the development of Couchbase SDKs and how to integrate with N1QL (query language)."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/1974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=1974"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/1974\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/13873"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=1974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=1974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=1974"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=1974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}