• Members62
  • OwnerRob (tagit)
  • Created2014-11-12
  • AccessPublic
  • TypeTechnology
Location
  • Australia

Top Contributors

Node.js

Ok - I've just finished setting up node on my dev server and run through the tutorials.

Pros are that it is very fast and being very familiar with Javascript made it easy to program

Cons are that it seems you're rewriting everything from the web server to the database interaction

What I'm struggling with is why you'd write a whole web app with Node.  I still can't see going past LAMP as each part is maintained by that community vs Node that is trying to do everything.

Would you ever use Node as just a RESTful service but have the bulk of your site done in PHP?

Have you used Node for any of your projects and if so why and how?
View Previous CommentsLoad All Comments (9)
Rank: Ace

Author Comment

Rob2014-12-29 03:38 PMID: 139730
Gary,

How does Nginx (or Apache for that matter) able to execute Node commands without using the command line?  I've seen about Proxying forward and back, which is essentially the same as having a Node server receiving the request aside from Apache doing the thread blocking until Node has finished (whereas Node wouldn't).

Cd&,

I'm sure you'll correct me if I'm wrong, but isn't Node just an adaptation of ECMAScript rather than server side javascript?  i.e. "Same shit, different smell".  Why would you expect the same issues when it is essentially developed by a different community?
0
Rank: Ace

Author Comment

Rob2014-12-29 03:44 PMID: 139732
What I'm a fan of, is modular programming.  I like using tools that perform the one function.  It means I can swap it out for something else without having to redo the whole application.  This approach does have its disadvantages such as bloating the application and potentially slowing it down, however my experience has been it is easier to manage.

An example is the MVC using CakePHP.  There is Sails.js for Node... maybe this is all about just me needing to get my head around how it fits together like LAMP.

Cd& - found this: ""Node.js is a platform built on Chrome's JavaScript runtime" so your point has merit *grin*
0
Rank: Prodigy

Expert Comment

Gary2014-12-29 03:54 PMID: 139734
For example any request for php or static content are handled by nginx any requests for node are passed to node
You just need to add handlers for the content types.
nginx is like node in that it is single threaded so works well with node

http://nginx.com/blog/nginx-nodejs-websockets-socketio/

Of course your node apps could be connecting directly to node.js on a different port.
0
Rank: Prodigy

Expert Comment

COBOLdinosaur2014-12-30 12:53 PMID: 139777
If you Google node js security vulnerability you will get somewhere around 177,000 hits. Then spend some time on the darknet looking at the the script kiddie hacker sites and you will not be real comfortable unless you really lockdown a site using node.js.

At some point the hackers may run out of attack ideas and discovered vulnerabilities will be dealt with, but at this point it is about as secure as IE6 with activeX enabled in 2003.

Cd&
0

Expert Comment

ltpitt2014-12-31 03:06 AMID: 139795
That is a good point, COBOLdinosaur...

What about the 17,200,000 hits you get googling php security vulnerability, then?
0
Rank: Prodigy

Expert Comment

COBOLdinosaur2014-12-31 11:23 AMID: 139816
PHP has been around a very long time, and most of the vulnerabilities are very old and have been patched.

If you uses php5 security vulnerability you get 172,000 hits. and most of the pages are about enhanced security features.  the difference is that the installed base of PHP is so large (thousand of time the size of node.js) that security issues are found, reported and fixed in a hurry.  The day might come when node.js will have the kind of broad support and a mature community that it becomes much less of a security issue, but as it stands it is too easy a target for use in sites where security is critical.

Just for reference http://w3techs.com/ reports that 82% of sites use PHP does not even list node.js in any of its categories, so comparing the two for security issues is like claiming it would be safer to use a skateboard on the freeway instead of a truck because there are fewer accidents involving skateboards

Cd&
0