How to secure a site / server built with Node JS (runs on Ubuntu) and MongoDB?
I would like to secure a website / server that stores its data in MongoDB and runs Node JS on Ubuntu. The data is sensitive (emails, usernames, passwords, etc.), so security is a major concern.
I read some docs such as the manual: http://docs.mongodb.org/manual/core/security/ which is great but didn’t deal with security on websites before being great to come across some examples of existing projects or any other great resources on this given Node / Mongo / Ubuntu.
Another important point would be testing worst case scenarios and figuring out if the security methods work - are there any best practice tools / techniques for doing this?
source to share
Website security consists of many factors. Just by naming a few -
In order for the site to be served using https, you need to purchase an ssl certificate, create a csr with openSSL , install it on the server and set up a node.js https server as described here , here , here, and here .
As far as storing sensitive data in MongoDB (or any other db's), you probably want to store only an encrypted password (like AES algorithm) and then check for that when verifying the user entered user and password. This is just the tip of the iceberg when it comes to security, and how Markus mentioned in the comment is an expert or someone with experience in the field can help you on specific issues. Good luck!
source to share