Book Image

Node.js Web Development - Fourth Edition

By : David Herron
Book Image

Node.js Web Development - Fourth Edition

By: David Herron

Overview of this book

Node.js is a server-side JavaScript platform using an event-driven, non-blocking I/O model allowing users to build fast and scalable data-intensive applications running in real time. This book gives you an excellent starting point, bringing you straight to the heart of developing web applications with Node.js. You will progress from a rudimentary knowledge of JavaScript and server-side development to being able to create, maintain, deploy and test your own Node.js application.You will understand the importance of transitioning to functions that return Promise objects, and the difference between fs, fs/promises and fs-extra. With this book you'll learn how to use the HTTP Server and Client objects, data storage with both SQL and MongoDB databases, real-time applications with Socket.IO, mobile-first theming with Bootstrap, microservice deployment with Docker, authenticating against third-party services using OAuth, and use some well known tools to beef up security of Express 4.16 applications.
Table of Contents (14 chapters)

Summary


In this chapter, we've covered an extremely important topic, application security. Thanks to the hard work of the Node.js and Express communities, we've been able to tighten the security simply by adding a few bits of code here and there to configure security modules. We've even worked out how to prevent the system from being built, if it's using packages with known vulnerabilities.

Enabling HTTPS means our users have better assurance of security. The SSL certificate is a measure of authenticity that protects against man-in-the-middle security attacks, and the data is encrypted for transmission across the internet. With a little bit of work, we were able to set up a system to acquire, and continuously renew, free SSL certificates from the Let's Encrypt service.

The helmet package provides a suite of tools to set security headers that instruct web browsers on how to treat our content. These settings prevent or mitigate whole classes of security bugs. With the csurf package, we're able...