Securing your Node.js application (1)
June 12, 2016
Security is of prime concern when deploying an app. Thanks to the awesome Node.js community, there are a lot of security middleware packages one can use to mitigate common security risks.
Some vulnerabilities are:
- SQL injection
- Man in the middle attack
This is not an exhaustive list, just the most common ones.
You have to worry about SQL injection only if you are using a SQL database. If you use MongoDB you should check MongoDB injection instead. The following code is vulnerable to injection.
Consider the input where
The SQL query is built as:
SELECT * FROM users WHERE username = 'admin'--'AND password = 'dummy'
-- is the comment syntax in SQL, so everything after it (including the password check) is ignored. How simple was it to get access. hmm!
- Escape user inputs.
- Use parameterised sql queries.
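As an added example (not code from the original post), the snippet below shows the vulnerable string-concatenated login query next to the two mitigations listed above: a parameterized query with `?` placeholders (the style accepted by the `mysql`/`mysql2` drivers, assumed here; `pg` uses `$1`, `$2`) and a minimal quote-doubling escape. No database driver is needed; the functions only build the query text that would be handed to a driver, and a small `--` comment-aware helper checks whether the password condition survives in the statement the database would actually execute.

```javascript
// Added example (not the post's own code). The input "admin'--" is the
// constructed sample from the post; no real database is contacted.

// VULNERABLE: user-controlled values are pasted straight into the SQL text.
function buildQueryUnsafe(username, password) {
  return "SELECT * FROM users WHERE username = '" + username +
         "' AND password = '" + password + "'";
}

// SAFE: the SQL text is fixed and the values travel separately as
// parameters, so the driver never lets them change the statement structure.
// `?` placeholders as used by the mysql/mysql2 drivers (assumed); pg uses $1.
function buildQueryParameterized(username, password) {
  return {
    sql: 'SELECT * FROM users WHERE username = ? AND password = ?',
    values: [username, password],
  };
}

// Fallback mitigation from the post: escape the literal by doubling single
// quotes (standard SQL string escaping). Parameters are still preferable.
function escapeLiteral(value) {
  return String(value).replace(/'/g, "''");
}

function buildQueryEscaped(username, password) {
  return "SELECT * FROM users WHERE username = '" + escapeLiteral(username) +
         "' AND password = '" + escapeLiteral(password) + "'";
}

// Returns the part of a single-line statement the database would execute:
// scans the text, tracks whether we are inside a '...' literal (with ''
// as an escaped quote) and cuts at the first `--` found outside a literal.
// Simplification: treats any `--` outside a literal as a line comment.
function effectiveSql(sql) {
  let out = '';
  let inString = false;
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (inString) {
      out += ch;
      if (ch === "'") {
        if (sql[i + 1] === "'") { out += "'"; i++; } // escaped quote, stay in literal
        else inString = false;
      }
    } else if (ch === "'") {
      inString = true;
      out += ch;
    } else if (ch === '-' && sql[i + 1] === '-') {
      break; // rest of the line is a comment
    } else {
      out += ch;
    }
  }
  return out;
}

// True when the password condition is still part of the executed statement.
function passwordCheckSurvives(sql) {
  return /AND password = '/.test(effectiveSql(sql));
}

// Demonstration with the post's sample input.
const sampleUser = "admin'--";
const samplePass = 'dummy';
console.log('unsafe  :', buildQueryUnsafe(sampleUser, samplePass));
console.log('executed:', effectiveSql(buildQueryUnsafe(sampleUser, samplePass)));
console.log('escaped :', buildQueryEscaped(sampleUser, samplePass));
console.log('params  :', buildQueryParameterized(sampleUser, samplePass));
```

With the unsafe builder the executed statement shrinks to `SELECT * FROM users WHERE username = 'admin'`, which is exactly the truncation the post describes; with either mitigation the password condition stays in place.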
This is the first one in the Node.js security series. I will update this with links to the other posts as I complete them.