Is there a possibility of a “Direct browsing of a resource” attack in Node.js applications, and how can I prevent it?
EDIT: I use express framework
Node.js http servers do not serve any static content; they only call your code. If there is any possibility for an attack, it would be in your code, not in Node.js core or in the http module.

Regarding your edit: Express provides a static middleware, which could open a possibility for a direct browsing attack if you configure it to serve static files from a directory that contains sensitive resources. If you keep a dedicated directory for your static content, all of which is safe to be browsed directly, and there is no sensitive content below that directory, you’ll be safe if you serve it with Express’ static middleware.