- May 1, 2021
- 1
Hi everyone, this is my first post.
I run a few NodeJS/ExpressJS/PassportJS web apps housed on DigitalOcean droplets that have SSH key access only, and only one user on the host system (me). The MongoDB instances used by the apps and running on the same droplets are password-protected and only accessible to localhost. In the apps themselves, there is only one admin account (also me), and my passwords (to the admin account in the apps) are 12-character random strings.
With a setup like this, what are some of the greatest potential risks or entry points where someone could gain unauthorized access to the database?
Thanks for any tips!