If you wanted to push something live with Node JS, Mongo DB & Express does this suffice as a secure way to connect to the Mongo DB?
Can someone explain this code from a security perspective?
===
Alot of tutorials simply use...
var mongoClient = new MongoClient(new Server('localhost', 27017));
Mongos Documenation includes...
var MongoClient = require('mongodb').MongoClient;
// Connect to the db
MongoClient.connect("mongodb://localhost:27017/exampleDb", function(err, db) {
if(!err) {
console.log("We are connected");
}
});
===
Code is based on Mongo Documentation - http://mongodb.github.io/node-mongodb-native/api-articles/nodekoarticle1.html#getting-that-connection-to-the-database
You're not missing much. The best thing to do with most database servers is to secure them by keeping them away from the public network.
The same is true of e.g. MySQL--it lacks enterprise authentication methods like Kerberos (requested since 2004: http://bugs.mysql.com/bug.php?id=6733).
You just need to keep your DB server inside the trusted LAN. If you want to use a login with password, it's better than nothing, but exposing most databases to the outside world is a bad idea, because they lack simple protections like bad-password rate limiting. They're just not meant to be user-facing in that way.