"mongoose" should be connected

JavaScript
#1

I have tired to pass the Install and Set Up Mongoose fCC test, but replit.com dont allow me to create .env file, so instead I used their create secret.

-1: deleted (dotenv)
0. npm install mongoose --save, npm install mongodb --save

  1. made Atlas account
  2. created cluster
  3. created user with password
  4. configured ip as needed
  5. requiered mongoose
  6. created replit.com secret(.env)
  7. put secret(.env) to a variable _> const mySecret = process.env.MONGO_URI

then:
mongoose.connect(mySecret,{ useNewUrlParser: true, useUnifiedTopology: true });

Test result: “mongoose” should be connected to a database

I would appreciate any advice
Thanks

Your browser information:

User Agent is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36.

Challenge: Install and Set Up Mongoose

#3

Thanks man you saved me !

#4

Welcome there,

Please note: Whilst this does very-well work, it is a security risk you should not be taking. You are responsible for your database account, and with the URI, anyone can read/write to your database.

This is dangerous because:
a) If you have your credit card linked to your account, and someone starts spamming the database, you could be charged for the excessive requests - this has cost people thousands of USD worth in a single day.
b) If someone uses your database account to host/upload illegal material/data, you could be liable.

If you are unaware, all Replit projects are public, and the URL is easy to find. I am aware of bots roaming GitHub for unsuspecting devs who have accidentally publicised their secrets. So, it does not take a stretch of the imagination to assume there are similar bots on Replit.

It is unfortunate that the change in Replit’s layout/workspace has caused issues with the secrets/environment-variables, and, once we have a sure way to get around this - or Replit make changes - we will let people know.

My advice is:

  1. Do not leave your key anywhere public
  2. Change your database password
  3. Use another service which works better with environment variables (e.g. Glitch, Codesandbox, or locally (does not work for projects, but does for these lessons))

Hope this helps

2 Likes
#5

This is very useful, thank you !

#6

Hello, please read the solution from Sky020, bc my solution was wrong !

1 Like
#7

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.