I have created a config.js file which stores all my database connection information. I am then requiring this in my db-connect.js. The config file is gitignored so it won't be committed. However, I was wondering if this is secure, or if any more can be done to secure this information?
Config.js simply looks like this at the moment:
var dbconfig = {
  database: 'dbname',
  username: 'dbusername',
  password: 'dbpassword'
};
module.exports = dbconfig;
There are similar questions on here, but all just say to not commit the file - however, to me this still doesn't seem as secure as it could be?
There may not be a correct answer to this. Here are your options:
1. Environment variables: I have seen people prefer saving their config in environment variables, either in their ~/.bashrc file or temporarily for a particular process, e.g.:
    In ~/.bashrc:
    export DB_USER=username
    export DB_PASS=password
    Temporary:
    DB_USER=username DB_PASS=password node ./app.js
2. Have your config files separate from the project and require them from an absolute path, e.g.:
    var config = require('/<path>/<to>/config.js');
   This way you will ensure your application will never serve your config file, as it is not part of the web root directory.
3. Encrypt your config file and decrypt it every time your application restarts and reads it.
I have preferred 1 and 2 on most applications.
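Option 1 from the answer above, sketched as an added example that is not part of the original answer: a config.js that reads the credentials from the environment, fails fast when one is missing, and keeps the password out of logs and serialized output. DB_USER and DB_PASS are the names used in the answer; DB_NAME, the loadDbConfig function and its scrub option are assumptions made for this example.

```javascript
// Added example: hypothetical config.js that reads from the environment.
// DB_USER and DB_PASS come from the answer; DB_NAME is an assumed name.
const REQUIRED = { database: 'DB_NAME', username: 'DB_USER', password: 'DB_PASS' };

function loadDbConfig(env = process.env, { scrub = false } = {}) {
  // Report every missing variable by name only; never echo values.
  const missing = Object.values(REQUIRED).filter((name) => !env[name]);
  if (missing.length > 0) {
    throw new Error('Missing required environment variables: ' + missing.join(', '));
  }

  const config = {};
  for (const [key, name] of Object.entries(REQUIRED)) {
    Object.defineProperty(config, key, {
      value: env[name],
      // A non-enumerable password is skipped by JSON.stringify, Object.keys
      // and console.log, so dumping the config object does not leak it.
      enumerable: key !== 'password',
    });
    // Optionally drop the variable so child processes spawned later
    // do not inherit it through process.env.
    if (scrub) delete env[name];
  }
  // Frozen: other modules cannot swap or add connection settings.
  return Object.freeze(config);
}

// Export for require(), as the config.js in the question does.
if (typeof module !== 'undefined') module.exports = loadDbConfig;
```

db-connect.js would then call `require('./config')()` once at startup and read `config.password` explicitly where the connection is opened.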