How safe is NodeJs for public websites/applications?

Newbie Spellweaver
Joined
Dec 4, 2009
Messages
73
Reaction score
4
So, I was wondering how safe NodeJs would be for my web application, as I am willing to use it with Socket.io and node-mysql. How safe would it be against JavaScript injections, and at keeping people from browsing my server source files?

Thanks...
 
Elite Diviner
Joined
May 30, 2011
Messages
443
Reaction score
95
Node.js is as safe as its users are competent. It runs on top of V8, so there are no obvious exploits.
 
Joined
Jun 8, 2007
Messages
1,985
Reaction score
490
MySQL isn't very good for a non-blocking server. Node is a great tool. There are a fair number of frameworks/modules and we're starting to see more and more node.js applications. As far as security goes, you're on your own. Building the server, implementing security, and protecting your server's code is up to you. If you tell Node.JS to serve your entire file-system and allow people to upload files everywhere, then you get what you expect: everyone can mess up your server. If you download node.js, you just get a language to code in and the node tools, not a web server with any possible security risks.

You also need to think about things like finding a good framework that implements HTTP standards correctly. Or if you'd rather read the fine print, do it yourself. With that said, be sure to research security in the frameworks you choose. I'm sure somebody implemented something badly, but I couldn't tell you which of the 1000s of modules is secure and which isn't. I believe the NPM repository is said to be clear of malware; I don't think integrity is a guarantee, though.
 