开发者

How robust is nodejs as an http server? [closed]

开发者 https://www.devze.com 2023-03-21 16:16 Source: Internet
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 11 years ago.

If I use the http module of nodejs to make a simple http server, how much validation/checking do I have to do?

Does the module take care of security issues like malformed requests and requests with malicious header values? Does the module ensure that everything follows the http spec, or do I have to do a lot of checking to make sure that my server isn't easy to crash?

Edit: Let's say nodejs doesn't do any real validation, which I'm pretty sure is the case. What do I have to do to make sure my server isn't easily crashable?


What is a malicious header value? Node is low level, so a lot of things aren't checked. But you have to look at those things. But it isn't like someone can send "execute 0xFA894224" or something. The only holes it's likely to have are things like allowing malformed requests (e.g., maybe you might get request.location: "*** CHINAAA ***"), forgetting to launch a socket close event, or throwing a JavaScript error and gracefully terminating.

You can always check yourself for these things, or use a try catch block, process.on, etc. Of course, it's not to say there might not be a buffer overflow or something somewhere, but it is unlikely considering node is built on top of v8, and many of the libraries are pure JavaScript.

Edit: How to stop random crashes:

process.on('uncaughtException',function() {
 /* ignore error */
});
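The checks the answer above leaves to the application, as an added example that is not part of the original answers or of Node's own code: a wrapper that vets method, URL length and body size, answers parser errors through `clientError`, bounds slow clients with timeouts, and contains handler exceptions per request. The limits and the names `vetRequest`, `readBody` and `createHardenedServer` are assumptions chosen for illustration.

```javascript
const http = require('node:http');
const MAX_BODY_BYTES = 64 * 1024;                 // assumed limit for this sketch
const ALLOWED_METHODS = new Set(['GET', 'HEAD', 'POST']);

// Returns the status code to reject with, or 0 when the request may proceed.
function vetRequest(req) {
  if (!ALLOWED_METHODS.has(req.method)) return 405;
  if (typeof req.url !== 'string' || req.url.length > 2048) return 414;
  if (Number(req.headers['content-length']) > MAX_BODY_BYTES) return 413;
  return 0;
}

// Collects the body but stops at the cap; covers chunked uploads with no Content-Length.
function readBody(req, limit = MAX_BODY_BYTES) {
  return new Promise((resolve, reject) => {
    const chunks = [];
    let size = 0;
    req.on('data', (chunk) => {
      size += chunk.length;
      if (size <= limit) { chunks.push(chunk); return; }
      req.pause();
      reject(Object.assign(new Error('body too large'), { status: 413 }));
    });
    req.on('end', () => resolve(Buffer.concat(chunks)));
    req.on('error', reject);
  });
}

function createHardenedServer(handler) {
  const server = http.createServer({ maxHeaderSize: 8 * 1024 }, async (req, res) => {
    try {
      const status = vetRequest(req);
      if (status) return res.writeHead(status, { Connection: 'close' }).end();
      await handler(req, res);
    } catch (err) {
      console.error('handler failed:', err);  // costs one response, not the process
      if (!res.headersSent) res.writeHead(err?.status || 500, { Connection: 'close' });
      res.end();
    }
  });
  server.headersTimeout = 10_000;  // client trickling headers
  server.requestTimeout = 30_000;  // whole request, body included
  // Bytes the HTTP parser rejects never reach the handler; reply and drop the socket.
  server.on('clientError', (err, socket) => {
    if (socket.writable) socket.end('HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n');
    else socket.destroy();
  });
  return server;
}
```

Node's documentation describes `uncaughtException` as a hook for synchronous cleanup before shutdown, so the per-request `try`/`catch` here is what keeps one bad request from ending the process.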


NodeJS wasn't made to be used as a world-facing HTTP server. Its HTTP capabilities can, however, be used to proxy requests to a proper web server.

Off-topic, but Nginx is really good at doing this, as it holds a steady-ish number of threads.

0
