aycangulez / firewall-js

A Node.js library that safeguards your codebase with seamless access control based on directory structure.
MIT License
25 stars, 0 forks

hi neat project / note on security #1

Open kumavis opened 2 months ago

kumavis commented 2 months ago

Saw your work on HN, enjoyed the article and discussion.

I am a JavaScript language security researcher. In your article you mentioned this playing a role in security:

> enhance security by limiting the potential for unauthorized actions

If this is true, please bear in mind that these security guarantees can be easily subverted in the following ways:

If this sort of thing interests you, check out:

aycangulez commented 2 months ago

Thank you for your input and suggestions. firewall-js wasn’t originally designed to protect against supply-chain attacks but rather to ensure that the application’s architecture is properly enforced. As you pointed out, it’s not difficult to circumvent access controls if malicious code is present anywhere in the application. I think using both firewall-js and ses together makes sense for enhanced security.