I want to put node.js on the cloud for an application which has sensitive corporate information. I am afraid node.js is not as secure as some of the older servers since it has not been in the wild a lot. I saw people recommending to use a reverse proxy with it to make it safer. I understand how it is safer since it is not directly exposed to the world. But still, xss and other attacks are possible. From a security perspective only, anyone thinks that node.js is on par with the older servers? Any tips on "how to convince your boss + the corporate security team"?
In theory, a reverse proxy wouldn't pass on any requests that it itself couldn't process (including those it's designed to block intentionally).
However, if there were bugs in node.js that would, for example, make it disclose the contents of certain variables when a request like
GET /x0c/xa0
is received, then the proxy would just pass that request on and relay the answer to the client (attacker).
So there are still risks...