Kent O. Johnson wrote:Hello Mike, Mark, T.J., and Nathan! Welcome to the ranch.
My question to you is how do you address security with node.js? After looking at your ToC for the book I see you address security with HTTPS in chapter 4 and Connect in chapter 7.
I see that the Node Firm claims to provide node.js with enterprise-level security. Do you address that topic or point in your book anywhere?
Hi Kent,
We don't go into security in the book, no. Node applications, like applications created using other platforms, tend to employ a lot of add-on modules. Each add-on module presents its own potential security risk.
There's an initiative, contributed to by a number of Node organizations, to track vulnerabilities in Node and Node add-ons that you might want to check out:
https://nodesecurity.io/advisories
Cheers,
Mike