jbreslow

Reputation: 314

Proper way to store and pass username and password to config for database connection?

I have just created my first React back-end using Express and Tedious. What is the proper way to store and/or pass in the Username and Password to connect to the database? Is the 'back-end' secure enough to have it in-line like this?

const express = require('express')
const app = express()

app.get('/dbCall', (req, res) => {
    var Connection = require('tedious').Connection;
    var Request = require('tedious').Request;
    var config = {
        "server": "localhost",
        "authentication": {
          "type": "default",
          "options": {
            "userName": "myUsername",
            "password": "myPassword"
          }
        },
        "options": {
          "port": 1533,
          "database": "myDB",
        }
      }
    ...
})

Upvotes: 0

Views: 1343

Answers (1)

julian

Reputation: 76

One way to store your 'secret' data is to use the dotenv module.

1. Install the module:

npm install dotenv

2. Create the ".env" file in your root directory (same directory as package.json)

Content of your .env should look like this (yeah, it's just plain text):

APP_SERVER=localhost
APP_USERNAME=myUsername
APP_PASSWORD=myPassword
APP_PORT=1533
APP_DATABASE=myDB

3. Set up dotenv (You want to do this as early as possible in your application)

// example where to put it
const express = require("express");
const app = express();

const dotenv = require("dotenv");
dotenv.config();

4. Profit

const express = require('express')
const app = express()

const dotenv = require("dotenv");
dotenv.config();

app.get('/dbCall', (req, res) => {
    var Connection = require('tedious').Connection;
    var Request = require('tedious').Request;
    var config = {
        "server": process.env.APP_SERVER,
        "authentication": {
          "type": "default",
          "options": {
            "userName": process.env.APP_USERNAME,
            "password": process.env.APP_PASSWORD
          }
        },
        "options": {
          // environment variables are strings; convert the port to a number
          "port": Number(process.env.APP_PORT),
          "database": process.env.APP_DATABASE,
        }
      }
})

Note: If you're using git you have to put the ".env" file in your .gitignore and you might want to consider deleting previous commits if you've already pushed your secret data.

EDIT: If you're using the database config object multiple times, I'd recommend putting your config in a separate file.

  1. create "databaseConfig.js" file

module.exports = {
  server: process.env.APP_SERVER,
  authentication: {
    type: "default",
    options: {
      userName: process.env.APP_USERNAME,
      password: process.env.APP_PASSWORD
    }
  },
  options: {
    // environment variables are strings; convert the port to a number
    port: Number(process.env.APP_PORT),
    database: process.env.APP_DATABASE
  }
}

  2. require "databaseConfig.js" in your code

const config = require("path/to/databaseConfig.js");

Upvotes: 2
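
An added example, not part of julian's answer: a loader that builds the same tedious config from the APP_* variables but fails at startup when one is missing or the port is malformed, and produces a copy with the password masked for logging. The names `loadDbConfig`, `redactDbConfig` and `REQUIRED` are assumptions made for this illustration, and the sample environment is constructed.

```javascript
// Added example: the APP_* names come from the answer's .env file;
// loadDbConfig, redactDbConfig and REQUIRED are hypothetical helper names.
const REQUIRED = ["APP_SERVER", "APP_USERNAME", "APP_PASSWORD", "APP_PORT", "APP_DATABASE"];

function loadDbConfig(env = process.env) {
  // Report every missing variable at once, by name only (never by value).
  const missing = REQUIRED.filter((k) => !env[k] || env[k].trim() === "");
  if (missing.length > 0) {
    throw new Error("Missing database settings: " + missing.join(", "));
  }

  // Environment values are always strings; convert and range-check the port.
  const port = Number(env.APP_PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error("APP_PORT must be an integer between 1 and 65535");
  }

  return {
    server: env.APP_SERVER,
    authentication: {
      type: "default",
      options: { userName: env.APP_USERNAME, password: env.APP_PASSWORD },
    },
    options: { port, database: env.APP_DATABASE },
  };
}

// Deep copy of the config that is safe to write to logs: password masked.
function redactDbConfig(config) {
  const copy = JSON.parse(JSON.stringify(config));
  copy.authentication.options.password = "***";
  return copy;
}

// Constructed sample environment (same values as the answer's .env example).
const sampleEnv = {
  APP_SERVER: "localhost",
  APP_USERNAME: "myUsername",
  APP_PASSWORD: "myPassword",
  APP_PORT: "1533",
  APP_DATABASE: "myDB",
};
const sampleConfig = loadDbConfig(sampleEnv);
console.log(JSON.stringify(redactDbConfig(sampleConfig)));
```

In the application, call `loadDbConfig()` once after `dotenv.config()` so a bad deployment stops at startup instead of on the first request.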
