
I'd like to secure a website / server which holds its data in MongoDB and runs Node JS on Ubuntu. The data is sensitive (emails, usernames, passwords etc.), so security is 1 of the main concerns.

I've read some docs such as the manual: http://docs.mongodb.org/manual/core/security/ which is great but having not dealt with security on websites before it would be great to come across some examples of existing projects or any other great resources on this tailored to Node / Mongo / Ubuntu.

Another important point would be testing the worst-case scenarios and seeing if the security methods worked - are there any tools / best practice methods to do this?

user3197788
  • Down voted as this is totally off-topic. SO is targeted at programming questions, the right place to ask would be http://www.superuser.com. **But**: If security _really_ is a No1 concern – don't use layman's security: Get yourself a specialist. – Markus W Mahlberg Nov 09 '14 at 10:53

1 Answer


Security in a website consists of many factors. Just naming a few -

For the site to be served with HTTPS, you need to purchase an SSL certificate, create a CSR with OpenSSL, install it on the server and configure the Node.js https server as described here, here, here and here.

As for storing sensitive data in MongoDB (or any other db) you will probably want to store only the encrypted password (e.g. with AES algorithm), and then check against that when validating a user entered user & password. This is just the tip of the iceberg when it comes to security, and as Markus specified in the comment - an expert or someone with experience in the field can guide you on specific issues. Good luck!

Eitan Rousso
  • Note: Self-signed certs result in browser errors since you are not a CA; it is not wise practice for security – Sammaye Nov 09 '14 at 19:29
  • Another note: AES encryption is not good for password storage, you should use a one-way hash like blowfish – Sammaye Nov 09 '14 at 19:31
  • Sammaye you are absolutely right. I was trying to give a few examples to some concerns involved when talking about a website's security – Eitan Rousso Nov 11 '14 at 13:12
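
The one-way password storage raised in the comments above, as an added example that is not part of the original answer or comments. It uses scrypt from Node's built-in `crypto` module rather than a Blowfish-based hash such as bcrypt, which needs a third-party package; the record field names and cost parameters are assumptions.

```javascript
// Added example: one-way, salted password hashing with Node's built-in scrypt.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Cost parameters are stored with each record so they can be raised later
// without invalidating existing hashes. Values here are illustrative.
const PARAMS = { N: 16384, r: 8, p: 1, keylen: 32 };

// Build the fields that would be saved in the user's MongoDB document
// (field names are hypothetical). The plaintext password is never stored,
// and unlike AES ciphertext the stored value cannot be decrypted with a key.
function hashPassword(password, params = PARAMS) {
  const salt = randomBytes(16); // unique per user
  const hash = scryptSync(password, salt, params.keylen,
    { N: params.N, r: params.r, p: params.p });
  return {
    algo: 'scrypt',
    params,
    salt: salt.toString('base64'),
    hash: hash.toString('base64'),
  };
}

// Recompute the hash from the login attempt and compare in constant time.
function verifyPassword(password, record) {
  if (!record || record.algo !== 'scrypt') return false;
  const { N, r, p, keylen } = record.params;
  const expected = Buffer.from(record.hash, 'base64');
  const actual = scryptSync(password, Buffer.from(record.salt, 'base64'),
    keylen, { N, r, p });
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

// Constructed sample credentials, for demonstration only.
const record = hashPassword('correct horse battery staple');
console.log(verifyPassword('correct horse battery staple', record)); // true
console.log(verifyPassword('wrong guess', record));                  // false
```

In a request handler the asynchronous `crypto.scrypt` is the better fit, since the synchronous call blocks the event loop for the duration of the hash.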