Node Security by Dominic Barnes

Chapter 4. Request Layer Considerations

Some vulnerabilities appear at the request phase of your application. As mentioned before, Node.js does little for you by default, leaving you with complete freedom to craft a server that meets your needs.

Limiting the request size

One major request-handling feature that is commonly left out of Node.js applications is size limits. Express (optionally) handles buffering of request body data and parsing that request body into some meaningful data structure. While the request is still being fulfilled, the entire content of that body is in memory. If you place no limits, malicious users have a number of ways to affect your system, such as exhausting memory limits, and uploading files that take up unnecessary disk ...
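A size limit of the kind described above, as an added example that is not code from the book: it uses only core Node.js request events rather than Express's body parsing, and the names `readLimitedBody`, `handler` and `MAX_BODY_BYTES`, along with the 100 KiB value, are assumptions chosen for illustration.

```javascript
// Added example (not from the book): cap request bodies in core Node.js.
// MAX_BODY_BYTES and readLimitedBody are hypothetical names and values.
const MAX_BODY_BYTES = 100 * 1024; // assumed 100 KiB cap; tune per route

function readLimitedBody(req, limit, done) {
  let finished = false;
  const finish = (err, body) => {
    if (finished) return; // report exactly once
    finished = true;
    done(err, body);
  };
  const tooLarge = () =>
    Object.assign(new Error('request body too large'), { statusCode: 413 });

  // Early rejection: a declared length over the cap is refused before
  // any body bytes are buffered.
  const declared = Number(req.headers['content-length']);
  if (Number.isFinite(declared) && declared > limit) return finish(tooLarge());

  // Content-Length may be absent (chunked) or understated, so also count
  // the bytes that actually arrive.
  const chunks = [];
  let received = 0;
  req.on('data', (chunk) => {
    if (finished) return;
    received += chunk.length;
    if (received > limit) {
      chunks.length = 0; // drop what was buffered so far
      req.pause();       // stop pulling more body data off the socket
      return finish(tooLarge());
    }
    chunks.push(chunk);
  });
  req.on('end', () => finish(null, Buffer.concat(chunks)));
  req.on('error', (err) => finish(err));
}

// Wire-up: require('http').createServer(handler).listen(port)
function handler(req, res) {
  readLimitedBody(req, MAX_BODY_BYTES, (err, body) => {
    if (err) {
      res.statusCode = err.statusCode || 400;
      res.setHeader('Connection', 'close'); // do not keep reading this client
      return res.end(err.message + '\n');
    }
    res.end(`received ${body.length} bytes\n`);
  });
}
```

Checking the declared length alone is not enough, because a client can omit or understate `Content-Length`; the running byte count is what actually bounds memory use.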