
385415
#1
Hello,

I'm starting to read your book, but I found that the serveStatic function is poorly secured.
It allows an attacker to get files from the system using the commonly known directory traversal vulnerability.
Is this because the code is just there to show the basics of node.js?

I fixed it using:
```javascript
const path = require('path'), url = require('url'); // modules the one-liner depends on
filePath = 'public' + path.normalize(url.parse(request.url).pathname).replace(/^(\.\.[\/\\])+/, '');
```

But I am wondering if I have to do this for every type of vulnerability, or should I go with express.js since node.js is just the platform.

I'm planning to introduce this technology to my company, so I have to be sure about all the security features.

What advice can you give me?
Thanks!