Friday, 23 February 2018

[Question] Executing Node.js on Hacked Linux Server?

Hello Node-Community,I am quite new on Linux (using Ubuntu) and do set up a (physical) server right now on which a node.js web-application should run. Sorry in advance if I confuse something here.I made a user under which node will be running. The user is already restricted so that he can only read/write/execute files in his home directory and he can execute Node.js with all the network permissions a node-server needs.If my server theoretically gets hacked and someone gets user-level access, he can write and run node.js-code on my server and use my web-application for bad things (Distributing viruses, phishing visitors, ...).Is there anything I can do to prevent such an attacker to execute his own code?Even if I make everything read-only, the attacker can still run code with the node shell-command, right? Is there a way to configure node.js to only run code from (certain) directories or something?

Submitted February 23, 2018 at 01:42PM by SylooxD

No comments:

Post a Comment