  • William Yeh thinks this is interesting:

From our web application standpoint, we have the following rules:

  • The web application should not be run with root privileges. It should instead use a limited account that has access to only the required resources.

  • The database account should not be a root account. The account should have limited privileges over the database tables. We touch upon this in Chapter 5, Secure Your Database Interactions.

  • The users of the web application shou...

From: Secure Your Node.js Web Application

Note

Principle of least privilege (PLP) applied to Web applications:

(1) The web application should not be run with root privileges. It should instead use a limited account that has access to only the required resources.

(2) The database account should not be a root account. The account should have limited privileges over the database tables.

(3) The users of the web application should be given the minimum set of privileges they need.