Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
nchuhoai
on Dec 19, 2011
|
parent
|
context
|
favorite
| on:
Attacking NoSQL and Node.js: Server-Side JavaScrip...
It would be nice to know whether parts of node.js itself are vulnerable to those attacks or just badly written user code
xtian
on Dec 19, 2011
[–]
The paper is just describing common sense stuff: using eval() on user input and passing user input directly to a database.
pothibo
on Dec 19, 2011
|
parent
[–]
With everything node.js provides, I can't understand why someone would use eval()... Specially with user input.
jrockway
on Dec 19, 2011
|
root
|
parent
[–]
Of course they wouldn't. "Node.js" and "NoSQL" appear in the title of this article merely to get people to click the link.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
