Start with the Basics: Set Up the Database

Let’s start from the beginning—your application has to successfully connect to the database before you can do anything. Let’s make sure you don’t fumble the ball even before you cross the line of scrimmage.

Any database that you work with, and it doesn’t matter if we’re talking about MySQL, Mongo, Redis, or any other database system, should be configured to use authenticated users. Sometimes people don’t bother with user accounts and let everyone (including applications) connect to the database without a password. They typically block outside connections, which is a good thing to do. Unfortunately, it’s not sufficient, even if the database lives on the same machine.

Yes, blocking outside connections ...
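The rule above can be enforced when the application starts. The following Node.js sketch is an added example, not code from the book: it audits database connection URLs and rejects any that carry no credentials, including ones that point at the local machine. The function name `auditDbUrl`, the password-only exception for Redis URLs, and the sample URLs are assumptions made for illustration.

```javascript
// Added example: refuse to start with an unauthenticated database URL.
// auditDbUrl and every sample URL below are constructed for illustration.

// Assumption: Redis deployments that use a single shared password put it in
// the URL with an empty username (redis://:password@host), so only the
// password is required for these schemes.
const PASSWORD_ONLY_SCHEMES = new Set(['redis:', 'rediss:']);
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

function auditDbUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { ok: false, target: null, problems: ['unparseable connection string'] };
  }
  const problems = [];
  if (!url.password) {
    problems.push('no password');
  }
  if (!url.username && !PASSWORD_ONLY_SCHEMES.has(url.protocol)) {
    problems.push('no user account');
  }
  // A database reachable only from this machine still needs authentication:
  // any other process on the host can open the same socket.
  if (problems.length > 0 && LOCAL_HOSTS.has(url.hostname)) {
    problems.push('local-only access is not a substitute for authentication');
  }
  // Report scheme and host only, so credentials never end up in logs.
  return { ok: problems.length === 0, target: `${url.protocol}//${url.host}`, problems };
}

// Constructed sample configuration.
const samples = [
  'mongodb://localhost:27017/shop',
  'mysql://app:constructed-pw@127.0.0.1:3306/shop',
  'redis://:constructed-pw@localhost:6379',
  'redis://db.internal.example:6379',
];

for (const raw of samples) {
  const { ok, target, problems } = auditDbUrl(raw);
  console.log(ok ? `OK    ${target}` : `FAIL  ${target}: ${problems.join('; ')}`);
}
```

In a real service the URLs would come from configuration or environment variables, and a failed audit would abort startup instead of printing a line.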

Get Secure Your Node.js Web Application now with O’Reilly online learning.