Since Node.js is based on JavaScript, and since JavaScript is a highly dynamic language, doesn't it mean that code injection on the server side is even more dangerous than in Java or ASP.NET?
Any language which allows you to easily evaluate a string as a line of code has inherent security risks. In this respect NodeJS is no worse than anything written in JavaScript or PHP.
Even if you write your code in Java or ASP, a naive web programmer may still suffer an SQL injection attack if they are not careful, and code injection is only one way in which an application may be compromised.
The key is to carefully filter any input from the user and think very carefully before using eval or writing self-modifying code.