Marwen Trabelsi
Reputation: 4257
Node Server - Source Code accessible
I noticed that when i navigate to localhost:8080/server.js (where my server.js is the server-expressjs obviously) the code of my server is shown in the browser!
Even, if i upload the application to openshift, i get the same result (you can test it):
http://tickets-shkobba125.rhcloud.com/
http://tickets-shkobba125.rhcloud.com/server.js
Is this a security issue? How can i protect my server?
UPDATE
Here my middle-wares:
app.use(express.static(__dirname + '/public')); // set the static files location /public/img will be /img for users
app.use(express.static(__dirname + '/'));
Here my project structure:
Upvotes: 0
Views: 79
Answers (1)
mscdex
Reputation: 106696
The obvious answer is to change the directory used in the express.static() middleware if you're using that. Typically there is a public or similarly-named directory that you would create that holds only your public assets.
Remove the app.use(express.static(__dirname + '/'));, this is what is allowing your code to be public.
Upvotes: 1
Related Questions
- Is there a way to hide my NodeJs source code on customer server?
- node.js - Code Protection?
- How can I get source code of nodejs from running app
- How can I protect node application source code?
- How do I prevent my Node js code from being stolen?
- How can I make script files available to the client in a Node.js Express app?
- How to load source files from Express server for use in HTML file
- View node.js source code on local machine
- How do I prevent Node.js / Express serving up my application's source code?
- Can the code in the server of Node.js be accessed by the client?