node.js及其服务器的安全性如何?
[英]How secure is node.js and its server?
问题描述
Node.js provides us with a very easy way to create a quick server so we don't have to use other's such as Apache or IIS. 
Node.js为我们提供了一种创建快速服务器的简便方法,因此我们不必使用其他方法,如Apache或IIS。
This sounds very good but... how secure is node.js server? 这听起来很不错但是... node.js服务器有多安全? Can we compare ISS or Apache with node.js which born just a few years ago ? 我们可以将ISS或Apache与几年前出生的node.js进行比较吗?
I've been reading similar questions and some posts about it and they don't seem to inspire much confidence in terms of security. 我一直在阅读类似的问题和一些关于它的帖子 ,它们似乎并没有激发人们对安全性的信心。 Most of these post are not so recent. 这些帖子中的大多数都不是最近的。 Has node.js improved its security during these last years to be able to be used in secure production sites? node.js在过去几年中是否提高了安全性,以便能够在安全的生产站点中使用?
It seems to be a large number of big companies making use of node.js but... is it needed an extra effort to secure a site? 似乎有很多大公司在使用node.js,但......是否需要额外的努力来保护网站?
I guess using some frameworks such as Express might help on this topic but I'm not sure until which extent. 我想使用一些像Express这样的框架可能对这个主题有所帮助,但我不确定到哪个程度。
1 个解决方案
解决方案1
3 2014-08-19 06:15:05
Ultimately, Node.js is only as secure as the developers using it care it to be. 最终,Node.js只能像使用它的开发人员一样安全。 The Node.js core itself is pretty robust and the team has been doing an incredible job tackling vulnerability issues efficiently. Node.js核心本身非常强大,团队在处理漏洞问题方面做得非常出色。 You can check the latest here . 你可以在这里查看最新的。
As for building secure apps, I would recommend you try to know more about how to secure your apps from the start rather than later. 至于构建安全应用程序,我建议您尝试从一开始就了解更多有关如何保护应用程序的信息。 You can find good resources at nodesecurity.io. 您可以在nodesecurity.io上找到好的资源。 One nice point to start is by checking this blog post on how to build secure expressjs apps (the fundamentals apply to any kind of framework) 一个很好的开始是通过查看关于如何构建安全expressjs应用程序的博客文章(基础知识适用于任何类型的框架)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.