It has nothing to do with node.js.
And actually it is very simple:
1. Do not run untrusted code.
2. Do not use windows.
If you have to run something you don't trust, LXC is suggested. But again, it has nothing to do with node.js in particular, and it's true for almost all programs out there.
17.12.2013, 14:47, "ofencito" <alexo...@gmail.com>:
--Dear all,
I really like node.js. Great to have JS also in the command line.
Only worry I have is security.
there is for example this https://github.com/hacksparrow/virus
Let's us be honest. Once installed node.js we like to extend its utitlity, installing packages.
Not all we do a thorough code autid before. Consequently I am worried what would happen
if the "untrusted" code I run would do harm to my system.
This is already a concern in Browsers (and greatly motivates people to use NoScript etc.)
How have you guys managed to protect your system from node.js?
basically it should be somewhat protected (if run in linux) since you most likely run it your
user account. Better even you could run it as an unpriveliged user (suggestion 1).
Still I see much potential to provoke havoc and chaos....
with all its powers... node.js resamples an open door to the system (which it really actually
should be, with exception to untrusted code).
For those who know it. Do you have Apparmor profile that restricts the stuff that node.js
can do on your PC? if so can you share?
Do you run node.js in a virtual container/machine?
How to you protect your stuff in node.js form other stuff in node.js?
Thanks for your insights--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nodejs@googlegroups.com
To unsubscribe from this group, send email to
nodejs+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nodejs@googlegroups.com
To unsubscribe from this group, send email to
nodejs+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
