Node.js provides us with a very easy way to create a quick server so we don't have to use other's such as Apache or IIS.
This sounds very good but... how secure is node.js server? Can we compare ISS or Apache with node.js which born just a few years ago ?
I've been reading similar questions and some posts about it and they don't seem to inspire much confidence in terms of security. Most of these post are not so recent. Has node.js improved its security during these last years to be able to be used in secure production sites?
It seems to be a large number of big companies making use of node.js but... is it needed an extra effort to secure a site?
I guess using some frameworks such as Express might help on this topic but I'm not sure until which extent.
1 Answer 1
Ultimately, Node.js is only as secure as the developers using it care it to be. The Node.js core itself is pretty robust and the team has been doing an incredible job tackling vulnerability issues efficiently. You can check the latest here.
As for building secure apps, I would recommend you try to know more about how to secure your apps from the start rather than later. You can find good resources at nodesecurity.io. One nice point to start is by checking this blog post on how to build secure expressjs apps (the fundamentals apply to any kind of framework)
Comments
Explore related questions
See similar questions with these tags.
eval()for injection vulnerabilities. First off, run instrictmode. Second off, don't useeval()- ever. The language does not prevent you from writing stupid, insecure code. Like any other language I know, it requires that you use some security common sense.