duannei1477 2013-12-18 12:10
浏览 44
已采纳

Node.js是否具有“open_basedir”的等价物?

I'm pretty familiar with security in Apache/Nginx + PHP setups.

In Apache I can set DocumentRoot and in PHP I can use open_basedir to restrict access parts of the file system that shouldn't be accessible to the web server and/or PHP.

However, now that I've created an application run by Node and Express, I'm finding it difficult to secure it. I've searched the web and SO but without finding anything but small scope security tips.

So, does Node/Express have an equivalent to open_basedir or something similar?

  • 写回答

1条回答 默认 最新

  • duangan2307 2013-12-18 12:33
    关注

    Express will not share any file without your consent. Also does not allow routes with double dots (..) in the received path.

    Just use the static middleware and take care of not give access to folders with stuff that you don't want to share:

    app.use('/images', express.static('/home/user/images');
app.use('/', express.static('/home/user/public'));
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!