• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Node.js and Security

 
Ranch Hand
Posts: 112
3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Mike, Mark, T.J., and Nathan! Welcome to the ranch.
My question to you is how do you address security with node.js? After looking at your ToC for the book I see you address security with HTTPS in chapter 4 and Connect in chapter 7.
I see that the Node Firm claims to provide node.js with enterprise-level security. Do you address that topic or point in your book anywhere?
 
Author
Posts: 15
5
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Kent O. Johnson wrote:Hello Mike, Mark, T.J., and Nathan! Welcome to the ranch.
My question to you is how do you address security with node.js? After looking at your ToC for the book I see you address security with HTTPS in chapter 4 and Connect in chapter 7.
I see that the Node Firm claims to provide node.js with enterprise-level security. Do you address that topic or point in your book anywhere?



Hi Kent,

We don't go into security in the book, no. Node applications, like applications created using other platforms, tend to employ a lot of add-on modules. Each add-on module presents its own potential security risk.

There's an initiative, contributed to by a number of Node organizations, to track vulnerabilities in Node and Node add-ons that you might want to check out: https://nodesecurity.io/advisories

Cheers,
Mike
 
Kent Bull
Ranch Hand
Posts: 112
3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for your reply Mike. Just you saying that Node.js projects usually use a plugin architecture is appreciated from beginners like me. I wouldn't have thought of it that way unless you mentioned it or until I used Node.js.
I plan on buying your book and going through all of it even if I don't win it here.
 
reply
    Bookmark Topic Watch Topic
  • New Topic