Advantages and disadvantages of Stored Procedure equivalents

Hi @Nadav_Megnazi,

PERFORMANCE
In terms of performance, the MongoDB Aggregation Pipeline is executed on the database and can be very fast, as mentioned by @MaBeuLux88_xxx (MongoDB employee / power user).

When I build a complex aggregation pipeline that I want to be able to re-use easily, I bundle it in a MongoDB Server-side function. Note that I share @MaBeuLux88_xxx’s concerns about stored procedures, and I apply the same guiding principles with my MongoDB Server-side functions. Namely:

  • they should be version controlled alongside the rest of the application’s code
  • one should not put business logic in the stored procedure / MongoDB Server-side function
  • i.e. use such procedures / functions sparingly, e.g. if the Aggregation Pipeline in your function becomes unwieldy, that’s a cue you may want to do things differently (e.g. break it down and put some of the logic in your server side code).
  • I would avoid using JavaScript in my MongoDB Server-side functions (e.g. I keep them as close as possible to one simple Aggregation Pipeline per Server-side function). My understanding is that my JavaScript code will run faster on my Node server than on my MongoDB Server (because my server is hot and Node will apply JIT optimizations, and because at this point it’s easier for me to scale my Node servers than my MongoDB server).

SECURITY
It’s interesting that you mention security, because it’s a question I’ve asked myself. I’m aware of SQL Injection Attacks (SQLIA), and how even stored procedures can be vulnerable to SQLIA.

I would be interested to know what @MaBeuLux88_xxx has to say with regard to query injection type attacks in MongoDB. In particular, I found it telling that roughly a quarter of the documentation on MongoDB Server-side functions is dedicated to disabling server-side execution of JavaScript… I actually wish there was more documentation on MongoDB Server-side functions, etc.

Regards,
Xavier Robitaille
Feather Finance

1 Like
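As an added example that is not part of the post above or of any MongoDB code: a sketch in Node-style JavaScript of the two points the post raises, keeping a reusable function down to one fixed Aggregation Pipeline and guarding against query injection and server-side JavaScript. The field names (`customerId`, `status`, `amount`) and all function names are assumptions made for illustration.

```javascript
// Added example. Collection fields and function names are hypothetical.

// Operators that make the MongoDB server execute JavaScript.
const SERVER_SIDE_JS_OPERATORS = new Set(["$where", "$function", "$accumulator"]);

// Accept only a bounded plain string. An object in this position could
// carry query operators instead of a value, so it is rejected by type.
function requireString(name, value, maxLen = 64) {
  if (typeof value !== "string" || value.length === 0 || value.length > maxLen) {
    throw new TypeError(`${name} must be a string of 1 to ${maxLen} characters`);
  }
  return value;
}

// Accept only an integer within [min, max].
function requireInt(name, value, min, max) {
  if (!Number.isInteger(value) || value < min || value > max) {
    throw new RangeError(`${name} must be an integer from ${min} to ${max}`);
  }
  return value;
}

// One reusable pipeline with a fixed shape. Untrusted input is validated
// and placed only in value positions, never used as a key or stage.
function buildOrdersPipeline(input) {
  const customerId = requireString("customerId", input.customerId);
  const limit = requireInt("limit", input.limit, 1, 100);
  return [
    { $match: { customerId: { $eq: customerId } } },
    { $group: { _id: "$status", total: { $sum: "$amount" } } },
    { $sort: { total: -1 } },
    { $limit: limit },
  ];
}

// Return the path of every operator in a pipeline that runs server-side
// JavaScript, for use as a code-review or CI check on stored pipelines.
function findServerSideJs(node, path = "$") {
  if (Array.isArray(node)) {
    return node.flatMap((item, i) => findServerSideJs(item, `${path}[${i}]`));
  }
  if (node === null || typeof node !== "object") return [];
  return Object.entries(node).flatMap(([key, value]) => {
    const here = `${path}.${key}`;
    const hits = SERVER_SIDE_JS_OPERATORS.has(key) ? [here] : [];
    return hits.concat(findServerSideJs(value, here));
  });
}
```

The array returned by `buildOrdersPipeline` is what would be passed to a driver's `aggregate()` call; `findServerSideJs` returning an empty array means the pipeline contains none of the listed JavaScript operators.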