Node.js安全
[英]Node.js security
问题描述
I am building a basic app using node.js and mysql and just getting a hang of it, I would like to secure the api,like only allow certain people to access the data, maybe by passing a certain token each time a user requests for some information, I tried searching for certain tutorials which used node.js and mysql database and security, I am confused as to which security measure to use, I even read about Json Web Tokens but din't find a proper tutorial for that.Please point me in the right direction. 
我正在使用node.js和mysql构建一个基本的应用程序,只是想了解一下它,我想保护api,例如只允许某些人访问数据,也许每次用户请求时都传递一定的令牌一些信息,我尝试搜索某些使用了node.js和mysql数据库以及安全性的教程,对于使用哪种安全措施感到困惑,我什至阅读了有关Json Web令牌的信息,但找不到适合的教程。为我指明正确的方向。
EDIT 编辑
What I meant to say was, only authenticated users are allowed to get access to data in the api, when a random visitor tries to access a URL he shouldnt be alowed to without proper authentication,what I am mostly looking for now is when a user is authenticated the user should be a sent a token of some sort so then gets access to private data,I don't exactly know how to go about this whole thing.Would be glad if you could clear it up for me. 我的意思是,只有经过身份验证的用户才能访问api中的数据,当随机访问者尝试访问未经适当身份验证就不允许访问的URL时,我现在主要要查找的是用户通过身份验证后,应该向用户发送某种形式的令牌,以便随后可以访问私有数据,我不知道该怎么办。如果您能为我清除该消息,将非常高兴。
3 个解决方案
解决方案1
1 2015-06-10 15:10:24
No sure what your exact question is about, but I think the below will help: 不确定您的确切问题是什么,但我认为以下内容会有所帮助:
Node.js security tips: http://blog.risingstack.com/node-js-security-tips/ Node.js安全提示: http : //blog.risingstack.com/node-js-security-tips/
Secure Express apps with various HTTP headers: https://github.com/helmetjs/helmet 具有各种HTTP标头的Secure Express应用程序: https : //github.com/helmetjs/helmet
Go on an educational Web security adventure: https://github.com/toolness/security-adventure 进行教育性的Web安全冒险: https : //github.com/toolness/security-adventure
Node.js Security presentation: http://www.slideshare.net/d0cent/nodejs-security?qid=c450507b-e491-4e9a-9b05-89d0c82ea10b&v=default&b=&from_search=6 Node.js安全性演示: http ://www.slideshare.net/d0cent/nodejs-security?qid=c450507b-e491-4e9a-9b05-89d0c82ea10b& v= default&b=&from_search =6
解决方案2
1 2015-06-10 15:20:16
I would look at implementing Oauth2 server in your app. 我将研究在您的应用程序中实现Oauth2服务器。 I found this article useful: 我发现这篇文章很有用:
http://blog.papersapp.com/oauth-server-in-node-js/ http://blog.papersapp.com/oauth-server-in-node-js/
解决方案3
0 2015-06-11 02:49:04
Take a look at http://passportjs.org/ . 看一下http://passportjs.org/ 。 Passport has support for alot of authentication methods, however, for your API, you will probably want to use OAuth ( http://passportjs.org/docs/oauth2-api ). Passport支持多种身份验证方法,但是,对于您的API,您可能需要使用OAuth( http://passportjs.org/docs/oauth2-api )。 OAuth is what most popular APIs use to authenticate consumers. OAuth是大多数流行的API用于验证消费者的身份。
For simple projects, You can also use basic authentication, which is what you see when you see the browser prompt asking for username and password. 对于简单项目,您还可以使用基本身份验证,即在浏览器提示您输入用户名和密码时看到的内容。 This authentication information can be sent in the header when API consumers makes requests. 当API使用方发出请求时,可以在标头中发送此身份验证信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.