Database Connections

Connection String Protection

To keep your connection strings secure, it's always a good practice to put the authentication details in a separated configuration file far from public access.

Instead of placing your configuration file at /your/app/path/public_html/, consider using a restricted access location /some/private/path/config.json

{
  "db": {
    "user": "f00",
    "pass": "f00?bar#ItsP0ssible",
    "host": "localhost",
    "port": "3306"
  }
}

Then you can load your config.json file on your JavaScript application:

const fs = require('fs');
const config = require('/some/private/path/config.json');

console.log('Configuration loaded');

Of course, if the attacker has root access, he/she could see the file which brings us to the most secure thing you can do - encrypt the file.

Note that required file path includes the .json suffix: this tells Node.js to load and parse the content as JSON and not as a regular JavaScript file, preventing code execution.

Database Credentials

You should use different credentials for every trust distinction and level:

User
Read-only user
Guest
Admin

Therefore, if a connection is being made for a read-only user, they could never mess up with your database information because the user actually can only read the data.

Connections

Database Connections

Connection String Protection

Database Credentials

results matching ""

No results matching ""