Collaborate Disseminate
From using Node.js for running an entire business, or just a personal home project, how secure really is it?
Having open ports, exposing the main file with personal info (nodemailer info, etc.) or anything else just seems like a bad idea.
… Continue reading How actually secure is Node.js? [closed]
I am very new to HTTP protocol and how it works. When you use http.createServer in Node.js, does it provide any protection against SYN flood attacks?
Node’s get started guide gives a easy to understand code. It gives you a request object b… Continue reading How to protect Node HTTP server from SYN flood attack?
I maintain several Angular apps, which contain thousands of dependencies on NPM packages. GitHub’s Dependabot notifies me of new known vulnerabilities every week (from the CVE database).
For example, Dependabot tells me that moment.js has … Continue reading Is there a database that classifies NPM library vulnerabilities as exploitable vs. benign in the browser?
I am currently creating an app to help with retail management. As you may be able to imagine, user authentication is of great importance as the app will store all kinds of sensitive information such as financial records, inventory status, … Continue reading A Hybrid Authentication method. (JWT, MFA, Cookies, Sessions) [closed]
I have a problem with hiding the VPS IP using Cloudflare. My IP can be found on search.censys.io. I don’t have any DNS leaks. I’m using nginx to reverse proxy a node.js server. Is it possible to hide the IP somehow to protect against DDoS … Continue reading Cloudflare not hide VPS IP (ngnix)
OK, I need some help with this:
I am creating a Node express API, and I want to support the following auth strategies:
Cookie or JWT based authentication that supports MFA (OTP, email, and SMS), for clients (web/mobile) that are internal…. Continue reading Options for various auth strategies for express API
Language used is Javascript.
For context, I am making a password manager where users can store different accounts of service and their passwords. The idea was to store multiple encrypted passwords in the database and decrypt them on the cl… Continue reading Storing encrypted password in database but decrypt it on the client side
I host my website by my own using droplet/VPS service and node.js server. My wesbite uses SSL Cert/HTTPS from LetsEncrypt, VPS service from DigitalOcean, domain registered from local vendor (RumahWeb) managed by CloudFlare.
My VPS server i… Continue reading Some ISP inject malware/ads into my website in the middle of transit
Which framework is good for backend cryptocurrency exchange? (laravel, django, node.js) in terms of scalability, security, …
my question is very similar to this question but it has been closed without an actual answer.
I found an unrestricted file upload vulnerability in a Node.js application. Basically, I am able to upload any type of file and access the upload… Continue reading Node.js Unrestricted File Upload