Database Security

This section of the OWASP Secure Coding Practices - Quick Reference Guide covers database security issues and the actions developers and database administrators need to take when using databases in their web applications.

The Best Practice

Before using a database with your JavaScript application, you should take care of the following configurations:

  • Secure database server installation [1]
    • Change/set a password for root account(s)
    • Remove the root accounts that are accessible from outside the localhost
    • Remove any anonymous-user accounts
    • Remove any existing test database
  • Remove any unnecessary stored procedures, utility packages, unnecessary services, vendor content (e.g. sample schemas)
  • Install the minimum set of features and options required for your database to work with JavaScript
  • Disable any default accounts which are not required to connect to the database of your web application
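
As an added example, not code from the guide itself, the SQL below performs the listed hardening steps by hand on MySQL/MariaDB, mirroring what mysql_secure_installation does. It assumes a release that supports ALTER USER and DROP USER IF EXISTS (MySQL 5.7+, MariaDB 10.2+), and the host names and password are placeholders; run it as an administrative user and review each SELECT before the DROP that follows it.

```sql
-- Added example (not part of the original guide): manual equivalent of the
-- hardening steps listed above for MySQL/MariaDB. Host names and the
-- password are placeholders; each SELECT shows what the following DROP
-- will remove so the change can be reviewed first.

-- 1. Set a strong password for the local root account (placeholder value).
ALTER USER 'root'@'localhost' IDENTIFIED BY '<strong-generated-password>';

-- 2. Find root accounts reachable from hosts other than localhost ...
SELECT User, Host FROM mysql.user
 WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
-- ... and drop each one the query reports (assumed example: wildcard host).
DROP USER IF EXISTS 'root'@'%';

-- 3. Find and drop anonymous-user accounts (empty user name).
SELECT User, Host FROM mysql.user WHERE User = '';
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS ''@'%';

-- 4. Remove the default test database and any grants that still reference it.
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db = 'test' OR Db = 'test\_%';

-- 5. Make the privilege changes effective and verify what remains.
FLUSH PRIVILEGES;
SELECT User, Host FROM mysql.user ORDER BY User, Host;
```

The final SELECT should list only the accounts your application and administrators actually need; anything else is a candidate for the "disable default accounts" step above.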

Also, because input must be validated and output encoded when data crosses the database boundary, be sure to look at the Input Validation and Output Encoding sections of this guide.


1. MySQL/MariaDB have a program for this: mysql_secure_installation [3, 4]
