
Prevent XSS?

How should I store passwords?

How can I protect against CSRF?

The usual answer is a synchronizer token: the server issues an unpredictable token tied to the user's session and refuses any state-changing POST that does not echo it back. A cross-site page can make the browser send the victim's cookies, but it cannot read the token, so the forged request fails. In Express this is what the csurf middleware does (the code below is the csurf README example, reflowed and with a listen call added so it runs as-is):

```javascript
const cookieParser = require("cookie-parser");
const csrf = require("csurf");
const bodyParser = require("body-parser");
const express = require("express");

// setup route middlewares
const csrfProtection = csrf({ cookie: true });
const parseForm = bodyParser.urlencoded({ extended: false });

// create express app
const app = express();

// parse cookies
// we need this because "cookie" is true in csrfProtection
app.use(cookieParser());

// res.render below assumes a view engine is configured (e.g. app.set("view engine", "hbs"))
// and that a "send" template exists; the README example leaves that setup to you.

app.get("/form", csrfProtection, function (req, res) {
  // pass the csrfToken to the view
  res.render("send", { csrfToken: req.csrfToken() });
});

app.post("/process", parseForm, csrfProtection, function (req, res) {
  // csrfProtection has already rejected the request with a 403 if the token was missing or wrong
  res.send("data is being processed");
});

app.listen(3000);
```

The template puts the token in a hidden field named `_csrf`, which is where csurf looks for it on the POST:

```html
<form action="/process" method="POST">
  <input type="hidden" name="_csrf" value="{{csrfToken}}">
  Favorite color: <input type="text" name="favoriteColor">
  <button type="submit">Submit</button>
</form>
```

Two caveats. First, `csrf({ cookie: true })` stores the token secret in a cookie rather than in server-side session state, so it depends on that cookie being set with `httpOnly` and `secure` options in production. Second, csurf itself has since been deprecated by its maintainers, so for new code either use a maintained alternative or implement the token check yourself; the pattern is the same either way.

When should I use JWT-based authentication? When should I use session-based authentication?

What are the best practices for handling secrets, like database passwords?

Passionate Programmer. Independent Thinker. Caring Father. Graduate of Flatiron Bootcamp for Software Development. Currently seeking new opportunities.