Securing your admin section

Now, it's time to secure the admin section so that only authorized users can log in.

An important thing to note here is that we need to secure both the client-side admin section and our server-side APIs, because client-side validations are relatively easy to bypass.
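The server-side half of that point, as an added example that is not code from the original page: an Express-style middleware rejects admin API calls that carry no admin session, whatever checks the browser did or did not run. The names `requireAdmin`, `deletePage`, `dispatch` and the `req.session.user.role` field are assumptions, and the small req/res stand-ins replace Express so the block runs on its own.

```javascript
// Added example; all names here are hypothetical, not from the book's code.

// Express-style middleware (req, res, next). It runs on the server for every
// admin API call, so it still applies when the client-side check is skipped.
function requireAdmin(req, res, next) {
  const user = req.session && req.session.user;
  if (!user) {
    return res.status(401).json({ error: 'authentication required' });
  }
  if (user.role !== 'admin') { // assumption: the session stores a role field
    return res.status(403).json({ error: 'forbidden' });
  }
  next();
}

// Hypothetical admin API handler that must never run for anonymous callers.
function deletePage(req, res) {
  res.status(200).json({ deleted: req.params.id });
}

// Minimal stand-in for Express's response object.
function makeRes() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  return res;
}

// Run a handler chain the way Express does: the next handler runs only
// if the previous one called next().
function dispatch(handlers, req) {
  const res = makeRes();
  let i = 0;
  const next = () => { const h = handlers[i++]; if (h) h(req, res, next); };
  next();
  return res;
}

const adminDelete = [requireAdmin, deletePage];

// Constructed requests: a direct API call with no session (client-side check
// bypassed), a logged-in non-admin, and a logged-in admin.
function demo() {
  const params = { id: 'about-us' };
  const as = (user) => ({ params, session: { user } });
  return {
    noSession: dispatch(adminDelete, { params }).statusCode,
    nonAdmin: dispatch(adminDelete, as({ name: 'bob', role: 'editor' })).statusCode,
    admin: dispatch(adminDelete, as({ name: 'alice', role: 'admin' })).statusCode,
  };
}

console.log(demo());
```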

We will start with securing our server-side code. ExpressJS comes with its own session management and encryption modules.

We will enable cookieParser in our app by adding the following line to our angcms/app.js file:


Using bcrypt to encrypt passwords

To protect confidential data such as passwords, we will use a popular utility called bcrypt to hash the password before it is stored in the database.

Let's download ...

