Ok, so this isn't exactly a question that I expect a full answer for but here goes...
I am currently using a python driver to fire data at a mongo instance and all it well in the world. Now I want to be able to pull data from mongo and evaluate each record in the collection. Now I need to pass in to this evaluation a script that will look at the row of data and if a condition is met return true i.e.
(PSUDO CODE)
foreach(row in resultSet)
if(row.Name=="Chris) return true
return false
Now the script that I use to evaluate each item in the row should be sandboxes somehow with limited functionality/security privileges.
In other words the code will be evaled, and I dont want it to have rights to i.e. include external libraries, call remote servers or have access any files on the server etc...
With this in mind I know that mongo uses something called spider monkey (which I gather is a JS evaluator) to write queries. I wonder would it be possible to take the result of a mongo call and pass it to an evaluated javascript function using spider monkey (somehow) to achieve what I am after? If so would this be safe enough.
To be honest, Im writing this question and I realize its sounding a lot like one of th开发者_如何学Cose "please help, how to code the world" type questions but any pointers would be helpful.
Have you looked at $where
clauses in MongoDB? Seems like those would pretty much give you exactly what you're looking for. In PyMongo it would look something like:
db.foo.find().where("some javascript function that will get applied to each document matched by the find")
精彩评论