Active
Project:
Node.js integration
Version:
7.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Task
Assigned:
Unassigned
Reporter:
Created:
12 Sep 2011 at 10:59 UTC
Updated:
12 Sep 2011 at 11:00 UTC
The configuration file (nodejs.config.js w/ secret key) should be protected from public access.
Maybe all SSJS could be moved to a separate directory (server/?) - that directory then again could/should be moved of the webroot as starting one webserver [nodejs] from within the webroot of another [Apache] feels kind of weird to me :)
Sample .htaccess
# Deny every js by default
<Files *.js>
deny from all
</Files>
# But allow nodejs.js
<Files nodejs.js>
allow from all
</Files>