Mr Robot

Reputation: 151

An extra layer of security for my mongodb - nestjs connection

I'm developing a service with NestJS that connects to MongoDB. I'm going to create a CRUD service where a user can, the first time, register himself as a super-admin. Then, this super-admin will be able to manage other users (create, delete or modify).

Inside an intranet, everything is okay, but outside, if a random person uses that signin service, the application will be his then.

So my question is: is there another extra security label to manage this situation?

I thought of using database credentials as parameters of the signin form:

- username:
- password:
- repeat your password:
- databaseName:
- databasePass:

Also, I wondered if there is another way, using local certificates or similar.

Best regards, Pelayo.

Upvotes: 1

Views: 171

Answers (1)

Drashti Kheni

Reputation: 1140

When you start your server for the first time, create one super admin record with a fixed username and password.

You can store this username and password in .env

When the super admin first logs in, force him to change the password.

Upvotes: 1
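The startup seeding and forced password change described in the answer above, sketched as an added example that is not part of the original answer or of any NestJS API. All names (`User`, `seedSuperAdmin`, `login`, `changePassword`, `SUPERADMIN_USER`, `SUPERADMIN_PASS`) are assumptions, and a `Map` stands in for the MongoDB collection.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Hypothetical record shape; in MongoDB salt and hash would be stored as binary or hex.
interface User {
  username: string; salt: Uint8Array; hash: Uint8Array;
  role: string; mustChangePassword: boolean;
}
type Env = Record<string, string | undefined>; // pass process.env in a real app

// Only a salted scrypt hash is ever stored, never the password itself.
const hashPw = (pw: string, salt: Uint8Array): Uint8Array => scryptSync(pw, salt, 32);

// Call once at application start (for example from an onModuleInit hook).
function seedSuperAdmin(users: Map<string, User>, env: Env): boolean {
  // Seed only an empty store, so a restart never resets an existing account.
  if (users.size > 0) return false;
  const username = env.SUPERADMIN_USER;
  const password = env.SUPERADMIN_PASS;
  if (!username || !password) throw new Error("SUPERADMIN_USER / SUPERADMIN_PASS not set");
  const salt = randomBytes(16);
  users.set(username, {
    username, salt, hash: hashPw(password, salt),
    role: "super-admin", mustChangePassword: true,
  });
  return true;
}

function login(users: Map<string, User>, username: string, password: string):
    "ok" | "change-password" | "denied" {
  const u = users.get(username);
  if (!u || !timingSafeEqual(hashPw(password, u.salt), u.hash)) return "denied";
  // The .env password is only good for reaching the change-password step.
  return u.mustChangePassword ? "change-password" : "ok";
}

function changePassword(users: Map<string, User>, username: string,
                        oldPw: string, newPw: string): boolean {
  // Reject wrong credentials and reuse of the bootstrap password.
  if (login(users, username, oldPw) === "denied" || newPw === oldPw) return false;
  const u = users.get(username)!;
  u.salt = randomBytes(16);
  u.hash = hashPw(newPw, u.salt);
  u.mustChangePassword = false;
  return true;
}
```

Callers should issue a normal session only when `login` returns `"ok"`; on `"change-password"` the only permitted action is the password change.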
