I am developing my next web app with node.js. With ASP.net for example, the .cs server side code can't be accessed from a client browser. What I want to know is when I develop my app using node.js, does the server.js file is protected from people who browse my website. What I mean is that I don't want the visitors of my website to have access to the .js server side code. Can I protect those files using CHMOD file permissions, will it help?
2 Answers 2
If you're using Express.js as the web server you have a "public" folder where you put your static files that are served straight up. Outside of that folder you have other sibling folders where you keep your code like "controllers" and "models." You can't navigate to one of these folders through the web browser so they are inaccessible because your web server's document root is "public."
project_root/
- app.js
- public/ <-- web root
- javascripts/
- stylesheets/
- images/
- some_static_page.html
- controllers/
- models/
- routes/
- views/
- node_modules/
Comments
It's not because Node.js uses Javascript that your files are magically accessible in the browser. In Node.js just like in Asp.net there is a difference between client-side and server-side. If you don't serve your Javascript files to the client than they wont be public.