I'm pretty familiar with security in Apache/Nginx + PHP setups.
In Apache I can set DocumentRoot
and in PHP I can use open_basedir
to restrict access parts of the file system that shouldn't be accessible to the web server and/or PHP.
However, now that I've created an application run by Node and Express, I'm finding it difficult to secure it. I've searched the web and SO but without finding anything but small scope security tips.
So, does Node/Express have an equivalent to open_basedir
or something similar?