This document describes the security properties of the MongrelDB Elixir client and how to report vulnerabilities.
The MongrelDB Elixir client is a Hex package that talks to mongreldb-server
over HTTP. The client itself holds no encryption keys and stores no data at
rest; it is a thin request/response layer over the daemon.
- The client communicates with
mongreldb-serverover plain HTTP. The daemon binds to127.0.0.1by default, so traffic stays on the loopback interface. For remote or multi-tenant deployments, terminate TLS in a reverse proxy (nginx, Caddy) in front of the daemon. - The client supports Bearer token and HTTP Basic auth, matching the
daemon's
--auth-tokenand--auth-usersmodes. Credentials are sent only in theAuthorizationheader and are never logged by the client. - The native Condition API and query builder accept typed parameters (column IDs, typed values). There is no string interpolation and no SQL injection surface. User-supplied values are serialized as typed JSON, not concatenated into queries.
- WARNING — raw SQL: The
sql()method sends a raw SQL string to the server. It does NOT parameterize or sanitize input, and the client never interprets SQL locally. Never interpolate untrusted user input into SQL statements — use parameterized queries where the server supports them, or validate/escape input yourself. (The native condition API and query builder remain type-safe and are not affected.) - Idempotency keys are caller-supplied opaque strings; the client does not derive or store them.
The client is a consumer of mongreldb-server. The daemon's security
posture:
- Binds to
127.0.0.1only, not accessible from other machines. - No authentication by default, any local process can query, write, or
delete data. Enable
--auth-tokenor--auth-usersfor any shared host. - No TLS, traffic is plaintext on the loopback interface.
- No rate limiting or request size caps.
For remote access or multi-tenant environments, place a reverse proxy (nginx, Caddy) in front with TLS termination and authentication. Do not expose the daemon directly to a network.
- The query builder produces typed JSON requests. Invalid column IDs, value encodings, and numeric ranges are rejected before any request is sent.
- Server and network errors are mapped to the typed exception hierarchy
(
AuthException,NotFoundException,ConstraintException,ConnectionException,QueryException), not leaked as bare atoms. - NaN and Infinity are rejected with a clear
QueryExceptionrather than corrupting data.
The MongrelDB Elixir client has no runtime dependencies beyond Elixir and
Erlang/OTP's :inets (the :httpc module). Development dependencies
(ex_doc, credo) are MIT or ISC licensed. Report dependency vulnerabilities
through GitHub's Dependabot alerts or the private vulnerability reporting
flow below.
Do not file a public GitHub issue, discussion, or pull request for security problems. Report privately through GitHub's private vulnerability reporting:
- Go to the repository's Security tab.
- Click Report a vulnerability.
- Fill in the advisory form with the details below.
This keeps the report confidential between you and the maintainers until a fix is ready. Please include as much as you can:
- a description of the issue and its impact,
- step-by-step reproduction steps,
- the MongrelDB Elixir client version, Elixir version, and OS,
- the
mongreldb-serverversion if relevant, - the relevant configuration, error output, or a proof-of-concept,
- a suggested fix or mitigation, if you have one.
- Acknowledgement of your report within a few days.
- An initial assessment and, where confirmed, a remediation plan.
- Progress updates through the private advisory thread until the issue is resolved.
- Credit for your responsible disclosure in the advisory, unless you prefer to remain anonymous.
We ask that you give us a reasonable opportunity to ship a fix before any public disclosure.