Add "Security" section
See original GitHub issueI’m submitting a…
[ ] Regression
[ ] Bug report
[ ] Feature request
[x] Documentation issue or request (new chapter/page)
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.
Current behavior
Expected behavior
As a user, I would like to see Security chapter.
Minimal reproduction of the problem with instructions
What is the motivation / use case for changing the behavior?
Environment
For Tooling issues:
- Node version: XX
- Platform:
Others:
Issue Analytics
- State:
- Created 5 years ago
- Reactions:9
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Security <security> - Microsoft Learn
Scroll to the Security section in the Home pane, and then double-click Authentication.
Read more >Is it possible to add security section in web.config to external file
c:\Windows\system32\inetsrv\config\applicationHost.config. change the configuration for the web server: from: < section name="ipSecurity" ...
Read more >Manage a user's security settings - Google Workspace Admin ...
If a security key is in use for this user, click the Security keys section to see when the key was added and...
Read more >Authentication Tools for Secure Sign In - Google Safety Center
Protect your Google Account by taking the Security Checkup. This step-by-step tool gives you personalized and actionable recommendations to help strengthen ...
Read more >Security - Google Account
Security. To review and adjust your security settings and get recommendations to help you keep your account secure, sign in to your account....
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
A comprehensive security section would be extremely helpful. There is a lot of complexity and confusion around the best way to accomplish tight security using NestJS - which is essential if it is to be used for production applications. There are very few examples available to follow. The examples that do exist all seem to either be too simple, have problems, or be somewhat contradictory.
Existing Examples:
NestJS Auth Chapter
NesJS Basic Auth and Sessions Blogpost (artonio)
NestJS Starter Project (CanKattwinkel)
Nest-Angular open Source Project (bojidaryovchev)
Some Specific Points of Confusion
Wishlist
Any guidance for the above would be much appreciated. I think that NestJS is a fantastic project, and would love to start using it in production with confidence that I have got the security right.
Thanks for all the time and effort on NestJS!
One more plug for the above guidance… if NestJS could had a solid production-ready auth strategy, it could be a game-changer in the NodeJS field. Having been reading around in preparation to implement my own auth, I have seen so much confusion and out of date and incorrect guidance, it is clear that this is a NodeJS-wide challenge, and not just a NestJS challenge.
This article gives a pretty good peek-behind-the-curtain of the state of affairs: https://hackernoon.com/your-node-js-authentication-tutorial-is-wrong-f1a3bf831a46