I am fairly new to application creating using Node.js and want to get some opinions/best practices. The application I am creating is a inventory tracking application. From everything I see online, people use passport or other identify providers to authenticate against and then use a MySQL service account to actually handle the get and posts to the database. Why not have users authenticate against MySQL's builtin authentication and use its permissions? My logic behind this is that you could restrict database and table access based on each user which would secure against SQL injection like attacks. You would then also get all of the reporting/tracking that comes built into MySQL. Would they problem lie when trying to authenticate hundreds of users?Thoughts? Something I am missing?
Submitted May 01, 2019 at 08:22PM by Aberbob
No comments:
Post a Comment