Security in web applications goes beyond ensuring that people don’t have access to the application server. Security can be complex, and even a little intimidating. Luckily, when it comes to Node applications, most of the components we need for security have already been created. We just need to plug them in, in the right place and at the right time.
In this chapter, I break down security into four major components: encryption, authentication and authorization, attack prevention, and sandboxing:
Encryption
Ensures that data transmitted over the Internet is safe, even if it is intercepted midroute. The only receiver that can actually decrypt the data is the system that has the proper credentials (typically a key). Encryption is also used for data that must be stored confidentially.
Authentication and authorization
Consist of the logins we get whenever we need to access protected areas of an application. Not only do these logins ensure that a person has access to a section of an application (authorization), they also ensure the person is who she says she is (authentication).
Attack prevention
Ensures that someone who is submitting data via a form isn’t trying to tack on text that can attack the server or the database you’re using.
Sandboxing
Barricades a script so it doesn’t have access to the system resources—it operates only within a limited context.
We send a lot of data over the Internet. Most of it isn’t anything essential: Twitter updates, web ...