Database Security
This section on OWASP Secure Coding Practices - Quick Reference guide covers database security issues and actions developers and database administrators need to take when using databases in their web applications.
The Best Practise
Before using a database with your JavaScript application, you should take care of the following configurations:
- Secure database server installation1
- Change/set a password for
rootaccount(s) - Remove the
rootaccounts that are accessible from outside the localhost - Remove any anonymous-user accounts
- Remove any existing test database
- Change/set a password for
- Remove any unnecessary stored procedures, utility packages, unnecessary services, vendor content (e.g. sample schemas)
- Install the minimum set of features and options required for your database to work with JavaScript
- Disable any default accounts which are not required to connect to the database of your web application
Also, because it's important to validate input and encode output on the database, be sure to take a look into the Input Validation and Output Encoding sections of this guide.
1. MySQL/MariaDB have a program for this: mysql_secure_installation3,4 ↩