Node.js服务器端代码保护

时间:2021-07-30 16:30:09

I am developing my next web app with node.js. With ASP.net for example, the .cs server side code can't be accessed from a client browser. What I want to know is when I develop my app using node.js, does the server.js file is protected from people who browse my website. What I mean is that I don't want the visitors of my website to have access to the .js server side code. Can I protect those files using CHMOD file permissions, will it help?

我正在使用node.js开发我的下一个Web应用程序。以ASP.net为例,无法从客户端浏览器访问.cs服务器端代码。我想知道的是,当我使用node.js开发我的应用程序时,server.js文件是否受到浏览我网站的人的保护。我的意思是我不希望我网站的访问者访问.js服务器端代码。我可以使用CHMOD文件权限保护这些文件,它会有帮助吗?

2 个解决方案

#1


8  

If you're using Express.js as the web server you have a "public" folder where you put your static files that are served straight up. Outside of that folder you have other sibling folders where you keep your code like "controllers" and "models." You can't navigate to one of these folders through the web browser so they are inaccessible because your web server's document root is "public."

如果您使用Express.js作为Web服务器,则可以使用“公共”文件夹放置直接提供的静态文件。在该文件夹之外,您还有其他兄弟文件夹,您可以将代码保存为“控制器”和“模型”。您无法通过Web浏览器导航到其中一个文件夹,因此它们无法访问,因为您的Web服务器的文档根目录是“公共的”。

project_root/
  - app.js
  - public/      <-- web root
    - javascripts/
    - stylesheets/
    - images/
    - some_static_page.html
  - controllers/
  - models/
  - routes/
  - views/
  - node_modules/

#2


1  

It's not because Node.js uses Javascript that your files are magically accessible in the browser. In Node.js just like in Asp.net there is a difference between client-side and server-side. If you don't serve your Javascript files to the client than they wont be public.

这不是因为Node.js使用Javascript,您的文件可以在浏览器中神奇地访问。在Node.js中,就像在Asp.net中一样,客户端和服务器端之间存在差异。如果您不向客户端提供Javascript文件,那么它们不会公开。

#1


8  

If you're using Express.js as the web server you have a "public" folder where you put your static files that are served straight up. Outside of that folder you have other sibling folders where you keep your code like "controllers" and "models." You can't navigate to one of these folders through the web browser so they are inaccessible because your web server's document root is "public."

如果您使用Express.js作为Web服务器,则可以使用“公共”文件夹放置直接提供的静态文件。在该文件夹之外,您还有其他兄弟文件夹,您可以将代码保存为“控制器”和“模型”。您无法通过Web浏览器导航到其中一个文件夹,因此它们无法访问,因为您的Web服务器的文档根目录是“公共的”。

project_root/
  - app.js
  - public/      <-- web root
    - javascripts/
    - stylesheets/
    - images/
    - some_static_page.html
  - controllers/
  - models/
  - routes/
  - views/
  - node_modules/

#2


1  

It's not because Node.js uses Javascript that your files are magically accessible in the browser. In Node.js just like in Asp.net there is a difference between client-side and server-side. If you don't serve your Javascript files to the client than they wont be public.

这不是因为Node.js使用Javascript,您的文件可以在浏览器中神奇地访问。在Node.js中,就像在Asp.net中一样,客户端和服务器端之间存在差异。如果您不向客户端提供Javascript文件,那么它们不会公开。