
Workshop

This workshop contains quiz questions to help cement your learning in this hour.

Quiz

1. Should you store sensitive data like passwords in a text file?

2. Which HTTP verb should be used to update records?

3. What security considerations are there in the example in this hour?

Quiz Answers

1. No. Storing data in text files is a good option for data that is not sensitive. Examples of this might be a PID (Process Identifier) or logging.

2. The PUT verb should be used to update records. Because HTML forms do not natively support PUT requests, Express provides a convenience method to add this.

3. In the example in this hour, the security could be improved. You should consider any data that comes from outside your application as tainted. This means you should clean the data when it is received to prevent things like SQL injection and XSS attacks. Similarly, when you are displaying data, you should also sanity check the data. A security mantra worth repeating when you are working with data is “Filter input, escape output.”
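
The "Filter input, escape output" rule from answer 3 can be shown in plain JavaScript. This is an added example, not code from the book: the `title` field, the 100-character limit, and the function names are assumptions made for illustration.

```javascript
// Added example; field name, limit and helper names are assumptions.
const MAX_TITLE_LENGTH = 100;

// Filter input: accept only the expected field, type, length and characters.
// A parsed form or JSON body can carry arrays or objects where a string is
// expected, so the type is checked before anything else.
function filterTaskInput(body) {
  if (body === null || typeof body !== 'object') {
    return { ok: false, error: 'body must be an object' };
  }
  const title = body.title;
  if (typeof title !== 'string') {
    return { ok: false, error: 'title must be a string' };
  }
  const trimmed = title.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_TITLE_LENGTH) {
    return { ok: false, error: 'title length out of range' };
  }
  // Reject control characters (NUL, CR, LF, DEL and similar).
  if (/[\u0000-\u001f\u007f]/.test(trimmed)) {
    return { ok: false, error: 'title contains control characters' };
  }
  // Build a fresh object so unexpected fields (e.g. "isAdmin") are dropped.
  return { ok: true, value: { title: trimmed } };
}

// Escape output: encode every character that is significant in HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The stored value is escaped in both the attribute and the element body.
function renderTask(task) {
  return '<li title="' + escapeHtml(task.title) + '">' + escapeHtml(task.title) + '</li>';
}

// Constructed sample submissions.
const samples = [
  { title: '  Buy milk  ', isAdmin: true },
  { title: '<script>alert(1)</script>' },
  { title: ['not', 'a', 'string'] },
  { title: 'x'.repeat(101) },
];
for (const body of samples) {
  const result = filterTaskInput(body);
  console.log(result.ok ? renderTask(result.value) : 'rejected: ' + result.error);
}
```

The second sample passes the input filter because it is a valid string of acceptable length; it is the output escaping that stops it from being interpreted as markup, which is why both halves of the rule are needed.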


  
