1

I have always done my DB connection through a file like "connection.js" and it contains the sensitive data like password, user, host, etc. required for creating a db connection.

Is there an industry practice for dealing with this? Or a best way of "securing" the file without exposing things like passwords and such that other people can snoop and eventually find the connection string and information so that they can connect to the DB?

blitz
  • I suggest you don't store your sensitive data in files inside your project. You can use .env files or tools such as Parameter Store/Secrets Manager in AWS to store sensitive and secure data. – Oscar López Feb 05 '21 at 20:44
  • Pass them via environment variables (accessible via `process.env`) instead of hardcoding them. – cbr Feb 05 '21 at 20:54

1 Answer

1

Like the comments have mentioned, you should be using environment variables. That way you don’t accidentally publish your DB connection info to something like GitHub.

If someone has access to your system, there is no real way of preventing them from finding the info to connect to your DB.

TDStuart
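One way to apply the environment-variable advice from the answer and comments above, as an added example that is not part of the original thread: a `connection.js` that builds its settings from `process.env`, fails at startup when a value is missing, and gives logs a copy without the password. The variable names (`DB_HOST`, `DB_USER`, `DB_PASSWORD`, `DB_NAME`, `DB_PORT`), the default port and the helper names are assumptions.

```javascript
// connection.js (added example): no credentials live in the source tree.
// The variable names below are assumptions, not taken from the thread.
const REQUIRED = ["DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME"];

// Build the connection settings from an environment object.
// `env` is a parameter so the function can be exercised without
// touching the real process environment.
function loadDbConfig(env = process.env) {
  // Report which variables are missing by name; never echo their values.
  const missing = REQUIRED.filter((k) => !env[k] || env[k].trim() === "");
  if (missing.length > 0) {
    throw new Error("Missing required environment variables: " + missing.join(", "));
  }
  // Assumed default: 5432 (PostgreSQL). Change it for another database.
  const port = Number(env.DB_PORT || 5432);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error("DB_PORT must be an integer between 1 and 65535");
  }
  return Object.freeze({
    host: env.DB_HOST,
    port,
    user: env.DB_USER,
    password: env.DB_PASSWORD,
    database: env.DB_NAME,
  });
}

// Copy of the settings that is safe to print in logs or error reports.
function redact(config) {
  return { ...config, password: "[redacted]" };
}

// Typical use at startup (the driver call itself is left to the application):
//   const config = loadDbConfig();
//   console.log("connecting with", redact(config));
```

If the values come from a `.env` file, as the first comment suggests, that file has to be listed in `.gitignore`, otherwise the secrets end up in the repository anyway.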