TechQA.

Does Node.js have an equivalent to `open_basedir`?

304 views Asked by At

I'm pretty familiar with security in Apache/Nginx + PHP setups.

In Apache I can set DocumentRoot and in PHP I can use open_basedir to restrict access parts of the file system that shouldn't be accessible to the web server and/or PHP.

However, now that I've created an application run by Node and Express, I'm finding it difficult to secure it. I've searched the web and SO but without finding anything but small scope security tips.

So, does Node/Express have an equivalent to open_basedir or something similar?

php node.js security express open-basedir
Original Q&A
1

There are 1 answers

2
durum On BEST ANSWER

Express will not share any file without your consent. Also does not allow routes with double dots (..) in the received path.

Just use the static middleware and take care of not give access to folders with stuff that you don't want to share:

app.use('/images', express.static('/home/user/images');
app.use('/', express.static('/home/user/public'));

Related Questions in PHP

Related Questions in NODE.JS

Related Questions in SECURITY

Related Questions in EXPRESS

Related Questions in OPEN-BASEDIR

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions