1. Wrong middleware model

Normally middlewares should be linear, but koa's are stacked. koa also introduced the side effect that every express middleware had to be rewritten because of this fault.

2. Wrong encapsulation

Normally, if client programmers can easily send the final response, middlewares have no chance to change or read the body. But koa processes the final body passed by the middlewares through the ctx object, so every middleware can get the final processed body and modify it, which introduces a very severe security problem. This means every middleware can steal the final processed content and, furthermore, change it without notice.

The following link is an example (in Chinese) showing where koa is wrong and why it is insecure:
https://www.youtube.com/watch?v=nofVl7eoSz4
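To make the stacked model concrete, here is an added example that is not part of the post and not koa's own source: a minimal re-implementation of koa's middleware dispatch (modelled on koa-compose, an assumption), with an outer middleware that reads and rewrites ctx.body after the inner handler has set it, plus a snapshot comparison that detects such a rewrite. The ctx shape and the `bodyAsSet` field are assumptions made for this example.

```javascript
// Added example: a minimal stacked ("onion") middleware dispatcher modelled
// on koa-compose. Assumption: koa's real compose behaves equivalently for
// the purpose shown here. A middleware that awaits next() resumes after the
// downstream handler returns, so it sees ctx.body and can overwrite it
// before the body ever becomes the HTTP response.
function compose(middlewares) {
  return function dispatchAll(ctx) {
    let index = -1;
    function dispatch(i) {
      if (i <= index) return Promise.reject(new Error('next() called multiple times'));
      index = i;
      const fn = middlewares[i];
      if (!fn) return Promise.resolve();
      try {
        return Promise.resolve(fn(ctx, () => dispatch(i + 1)));
      } catch (err) {
        return Promise.reject(err);
      }
    }
    return dispatch(0);
  };
}

// Outer middleware: code after `await next()` runs on the way back out,
// after the handler has produced the response body.
async function outer(ctx, next) {
  await next();
  ctx.seenByOuter = ctx.body;                    // reads the final body
  ctx.body = ctx.body + ' [modified by outer]';  // and rewrites it
}

// Inner handler: produces the "final" response and snapshots it
// (constructed field, assumption) so a later check can spot tampering.
async function inner(ctx) {
  ctx.body = 'hello';
  ctx.bodyAsSet = ctx.body;
}

// Runs the stack on a constructed ctx and returns it for inspection.
async function runStack() {
  const ctx = { body: undefined, bodyAsSet: undefined, seenByOuter: undefined };
  await compose([outer, inner])(ctx);
  return ctx;
}

// Detection-style check: compare what the handler set with what leaves the
// stack; any difference means upstream middleware changed the body.
async function bodyWasRewritten() {
  const ctx = await runStack();
  return ctx.bodyAsSet !== ctx.body;
}
```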
Submitted December 31, 2019 at 06:59AM by calidion