Reputation: 41595
How secure is node.js and its server?
Node.js provides us with a very easy way to create a quick server so we don't have to use other's such as Apache or IIS.
This sounds very good but... how secure is node.js server? Can we compare ISS or Apache with node.js which born just a few years ago ?
I've been reading similar questions and some posts about it and they don't seem to inspire much confidence in terms of security. Most of these post are not so recent. Has node.js improved its security during these last years to be able to be used in secure production sites?
It seems to be a large number of big companies making use of node.js but... is it needed an extra effort to secure a site?
I guess using some frameworks such as Express might help on this topic but I'm not sure until which extent.
Upvotes: 3
Views: 3348
Answers (1)
Reputation: 1832
Ultimately, Node.js is only as secure as the developers using it care it to be. The Node.js core itself is pretty robust and the team has been doing an incredible job tackling vulnerability issues efficiently. You can check the latest here.
As for building secure apps, I would recommend you try to know more about how to secure your apps from the start rather than later. You can find good resources at nodesecurity.io. One nice point to start is by checking this blog post on how to build secure expressjs apps (the fundamentals apply to any kind of framework)
Upvotes: 4
Related Questions
- Using Node.js as a simple web server
- NodeJS deployment and security with HTTPS
- Is nodejs secure as is?
- Security framework for Node.js web application
- How do I secure a website / server built on Node JS (running on Ubuntu) & MongoDB?
- Ways to secure Server communication
- Node.js HTTP Server - How to Secure
- node.js and server security issues
- JavaScript, node.js and security
- Security in Node.JS Webserver