Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

node.js and server security issues

Since node.js is based on javascript, and since javascript is highly dynamic language, doesn't it mean that code injection on server side is even more dangerous than java or asp.net ?

like image 282
user310291 Avatar asked Jul 01 '26 07:07

user310291


1 Answers

Any language which allows you to easily evaluate a string as a line of code has inherent security risks. In this respect NodeJS is no worse than anything written in Javascript or PHP.

Even if you write your code in Java, or ASP a naive web programmer may still suffer an SQL injection attack if they are not careful and code injection is only one way in which an application may be compromised.

The key is to carefully filter any input from the user and think very carefully before using eval or writing self modifying code.

like image 169
Nick Long Avatar answered Jul 03 '26 21:07

Nick Long