A NoSQL (“non-SQL”, “non-relational” or “not only SQL”) database provides a mechanism for storing and retrieving data that is modelled by means other than the tabular relations used in relational databases. NoSQL databases are frequently used in big data and real-time web applications.
The term NoSQL refers to various data stores that break from standard relational database architectures. NoSQL data stores represent data using key/value mappings and do not depend on a fixed schema such as a conventional database table. Keys and values can be arbitrarily defined, and the format of the value is generally not relevant to the data store. A further feature of key/value storage is that a value may itself be a data structure, enabling hierarchical storage, unlike the flat data structure of a database schema.
NoSQL advocates claim this has several advantages, mainly in handling very large datasets, where the data store’s hierarchical structure can be optimized as required to reduce the overhead of retrieving data sets. In these cases a conventional database may need complex cross-referencing of tables to retrieve information on behalf of an application.
From a web application security viewpoint, the key consideration is how the application queries data, because this determines what forms of injection are possible. In the case of SQL injection, the SQL language is broadly similar across different database products. NoSQL, by contrast, is a name given to a disparate range of data stores, each with its own behavior. They do not share a single query language.
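To make the point about query construction concrete, the following added example (not from the original page) contrasts a lookup that passes parsed JSON straight into a filter with one that enforces scalar types first. Assumptions: the filter syntax is modelled on MongoDB-style operators (`$ne`) as one instance of a NoSQL store, and the in-memory `matches` function, the sample records and the function names are constructed stand-ins.

```javascript
// Constructed sample data: a tiny in-memory stand-in for a document collection.
const users = [
  { user: "alice", pass: "s3cret" },
  { user: "bob", pass: "hunter2" },
];

// Minimal matcher supporting equality and the $ne operator, modelled on
// MongoDB-style filters (assumption: the page names no specific product).
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      return Object.entries(cond).every(([op, arg]) => {
        if (op === "$ne") return doc[field] !== arg;
        throw new Error("unsupported operator: " + op);
      });
    }
    return doc[field] === cond;
  });
}

// Weak: request fields go into the filter as-is, so a JSON object supplied
// where a string was expected is interpreted as query operators.
function loginWeak(body) {
  return users.find((d) => matches(d, { user: body.user, pass: body.pass })) || null;
}

// Hardened: every field must be a plain string before it reaches the filter.
function loginStrict(body) {
  for (const key of ["user", "pass"]) {
    if (typeof body[key] !== "string") {
      throw new TypeError(key + " must be a string");
    }
  }
  return loginWeak(body);
}

// Constructed request bodies, as they would look after JSON.parse.
const normal = JSON.parse('{"user":"alice","pass":"s3cret"}');
const structured = JSON.parse('{"user":"alice","pass":{"$ne":null}}');
```

Because a value may itself be a data structure, the type check in `loginStrict` is what keeps request data from being read as part of the query. It is the counterpart here of parameterized statements in SQL.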