Security on MongoDB and Node.js

Hello, I'm a newbie here on NoSQL databases. I have taken the m001 and m1003 courses. Here at our company we want to implement an application with a MongoDB backend, and among the options, JavaScript with Node.js seems like a good one. Our doubt is about the security topics: I have seen topics on the internet like “javascript injection and some vulnerabilities using nodejs + nosql”, most of them old. So I want a quick update on whether those things are “fixed” right now and we can fully trust our backend architecture on MongoDB + Node.js, with Angular as the front-end.

@Pedro_56253,

These are all valid concerns! Thankfully, in the realm of JavaScript there has been a push for more secure programming in the last few years. Many companies successfully run sensitive, mission-critical software using Node.js and MongoDB.

In terms of security when it comes to MongoDB, there are numerous security features to help protect your data. Role-based access control helps you enforce the principle of least privilege by ensuring only certain users can perform specific actions on specific resources that you define. TLS/SSL ensures communication within the cluster and between the database and client is secure. Encryption at rest is available should you need to encrypt your database data on disk. Enterprise and Atlas customers using MongoDB 4.2 can use Client-Side Field Level Encryption to ensure developer-defined sensitive data is encrypted in memory and never decrypted on the server.

If you have any further questions, please let me know. I really recommend you take our Security course and read up on our material in the MongoDB documentation. I’m sure you will find features that address your specific security concerns.

3 Likes
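On the injection concern raised in the question, here is an added example (not part of either post above, and not MongoDB's own code) of the application-side check a Node.js backend can run before parsed JSON reaches a query filter. The `email` field, the function names and the sample request bodies are assumptions constructed for illustration.

```javascript
// Report every key that MongoDB would read as an operator ("$...") or as a
// dotted path, anywhere inside a parsed JSON value.
function findUnsafeKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  const found = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith("$") || key.includes(".")) found.push(here);
    found.push(...findUnsafeKeys(child, here));
  }
  return found;
}

// Build the filter handed to collection.findOne(). Each field must be a plain
// string, so an object carrying a query operator never reaches the driver.
function buildUserFilter(body) {
  const unsafe = findUnsafeKeys(body);
  if (unsafe.length > 0) {
    throw new TypeError(`operator or dotted keys rejected: ${unsafe.join(", ")}`);
  }
  const { email } = body ?? {};
  if (typeof email !== "string" || email.length === 0 || email.length > 254) {
    throw new TypeError("email must be a non-empty string");
  }
  // $eq states the intent: the value is compared, never interpreted.
  return { email: { $eq: email } };
}

// Wrapper so a request handler can answer 400 instead of crashing.
function tryBuild(body) {
  try {
    return { ok: true, filter: buildUserFilter(body) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed request bodies, shaped as a JSON body parser would produce them.
const samples = [
  { email: "alice@example.com" }, // expected shape
  { email: { $ne: null } },       // operator object where a string belongs
  { email: ["alice@example.com"] }, // array where a string belongs
];
for (const body of samples) {
  console.log(JSON.stringify(body), "->", JSON.stringify(tryBuild(body)));
}
```

This check complements the server-side features listed in the reply: a least-privilege database role limits what a query can touch even if a validation step is missed.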