Dear all, I really like node.js. Great to have JS also in the command line. Only worry I have is security.
there is for example this https://github.com/hacksparrow/virus Let's us be honest. Once installed node.js we like to extend its utitlity, installing packages. Not all we do a thorough code autid before. Consequently I am worried what would happen if the "untrusted" code I run would do harm to my system. This is already a concern in Browsers (and greatly motivates people to use NoScript etc.) How have you guys managed to protect your system from node.js? basically it should be somewhat protected (if run in linux) since you most likely run it your user account. Better even you could run it as an unpriveliged user (suggestion 1). Still I see much potential to provoke havoc and chaos.... with all its powers... node.js resamples an open door to the system (which it really actually should be, with exception to untrusted code). For those who know it. Do you have Apparmor profile that restricts the stuff that node.js can do on your PC? if so can you share? Do you run node.js in a virtual container/machine? How to you protect your stuff in node.js form other stuff in node.js? Thanks for your insights -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to nodejs@googlegroups.com To unsubscribe from this group, send email to nodejs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
