Always linear horizontal scaling

Built-in schemaless flexibility

Guaranteed fastest read latency

ACID transactional properties

Trailing whitespace in string values

Extra JSON comments inserted by the client

Boolean flags encoded as strings

JSON query operators like $ne, $or, $gt

Using strict type definitions in DTOs

Sending all queries through a single DB access layer

Avoiding dynamic SQL entirely

Concatenating user input into SQL statement strings

Return raw DB documents to the client for debugging

Allow only XML input instead of JSON

Wrap the whole request body in a string and store it

Construct a new filter: extract expected fields, validate types, and only include those keys

Relying on client-side JavaScript to clean inputs

Using transport-layer encryption (TLS) only

Logging incoming requests but not rejecting them

Rejecting or stripping keys that start with $ and whitelisting allowed fields

It replaces the DB user permission model

It makes client-side validation unnecessary

It converts find() into raw SQL internally

It validates input shape/types before building queries

Automatically running DB backups

Implicitly granting admin roles to the model

Automatically converting all objects to strings

Enforcing a schema so unexpected operator objects are rejected or cast