By default, Node.js is fairly secure by itself. Although, there are definitely things you have to watch out for. If your Node web-app starts to get more and more popular, for example, you'll need to be thinking more and more about security to ensure that you're keeping your users'
Writing about Passport.js the other day got me thinking about how authentication actually works, and more importantly how many ways it can go wrong. The naive solution is to just store a user's username/email and password directly in the database, and then check the submitted password against
User authentication is one of those things that you probably don't think too much about, but just about every website or app out there requires it. If you had to implement authentication yourself, could you? Well don't worry, you probably won't have to. Since this functionality is so common,