0

I am working on MVC4 application. This is how my directory structure looks like:

App_Data
App_Start
Content
Controllers
Images
Models
node_modules
Scripts
Views
server.js //This is where my server script resides
Node.exe

This is how it all fits together:

Server.js is running on a server. User goes to a index.cshtml page and a connection to the server is created. If there are multiple users on the same page, they all can share data/thoughts etc. using "kind of" chat. each user's action is relayed to other connected users.

What i am wondering is how do i avoid someone directly pointing to my server.js file from the browser and view the content of it.

Asdfg
  • 11,362
  • 24
  • 98
  • 175
  • 1
    Why would server.js be available to download in the first place? You don't have static access by default. You execute a file and it handles your routing logic the way you define it. You mind want to [read this](http://stackoverflow.com/questions/11311672/building-a-website-using-node-js-best-practice) it has a nice list of resources. – Benjamin Gruenbaum Jul 09 '13 at 22:07

1 Answers1

2

You appear to be running two separate web servers.

The first serves your MVC4 ASP files while the second serves your node.js application.

Placing the node.js files under the webroot of your ASP application makes them visible to browsers that visit your ASP application.

node.js is a web server in it's own right and does not require any other web server to operate.

I would move your node.js application outside of your ASP webroot. This will make its files inaccessible to browsers.

Rob Raisch
  • 17,040
  • 4
  • 48
  • 58
  • 1
    To me this one is the right answer, but maybe with a bit of editing, since is obvious that OP is running IIS and node (thus two web servers). I'll say move server.js out of ASP reachable directory into his own directory. And assign the poster a homework to learn more about node.js applications :) – E. Celis Jul 10 '13 at 03:46