0

I have a nodejs server written using express module.The input to the server is a url and output is a json response.I came across some attacks called XHR,XSS and CSRF.Express has a function that handles csrf.Node-validator is one module that i came across when i browsed regarding these.Below is the code

Say my url is

localhost:1340/promotionDetails?promotion_id=PROM008765

I have done the manipulation below as

//Validate user input
req.check('promotionDetails', 'Please enter a valid promotionDetails').len(4,5).isInt();
req.checkHeader('referer').contains('localhost');

Is this approach the correct way to handle such attacks.Any idea will be really helpful

Amanda G
  • 1,931
  • 10
  • 33
  • 43
  • It isn't possible to help you. You have posted none of your code, and none of the examples of the attacks you are trying to prevent. These problems are not "Node.js problems"... they are problems with your application. There isn't necessarily a generic blanket solution to the problem. – Brad Mar 11 '13 at 03:37
  • brian I have added the code snippets that i had tried. – Amanda G Mar 11 '13 at 04:08
  • As Brad stated, you have already asked this (pretty much exact same) question. Despite this being a very broad question, I personally gave you an answer that tried to address generic methods for preventing some of these types of attacks. Did you read it? If so, feel free to ask specific questions about why you're solutions to a specific problem are not working. – Nick Mitchinson Mar 11 '13 at 04:14
  • I have not handled these kind of attacks in my code.I am not sure if this is enough for preventing these attacks.I need some idea to proceed further – Amanda G Mar 11 '13 at 04:25

0 Answers0