Security

Node v0.8.17 released - fixes security vulnerability - we're urged to upgrade ASAP

Isaac Schlueter just posted this warning:
    This release addresses a potential security vulnerability.

    If you do not use TypedArrays, then you're fine (but should still
    upgrade for other reasons, like better performance and npm
    peerDependencies.)

    If you use TypedArrays, you should upgrade to v0.8.17 as soon as
    possible. If user input can affect the size parameter in a
    TypedArray, an integer overflow vulnerability could allow an attacker
    to write to areas of memory outside the intended buffer. Please
    upgrade ASAP.
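For code that sizes a TypedArray from user input, a guard like the one below keeps the element count bounded before it reaches the constructor. This is an added example, not code from the Node release or from the warning above; `MAX_BYTES`, `parseElementCount`, `allocTyped` and `byteSizeU32` are names assumed for illustration, and upgrading remains the fix the warning asks for.

```javascript
// Assumed application limit on a single allocation; not a value from the advisory.
const MAX_BYTES = 1 << 20; // 1 MiB

// What count * width becomes when held in an unsigned 32-bit integer.
// General illustration of wraparound; the advisory does not give the exact arithmetic.
function byteSizeU32(count, width) {
  return Math.imul(count, width) >>> 0;
}

// Accept only plain decimal digits: rejects "", "-1", "1e3", "0x10", "4.5", " 5".
function parseElementCount(raw) {
  if (typeof raw !== 'string' || !/^[0-9]{1,10}$/.test(raw)) {
    throw new RangeError('element count must be a decimal integer');
  }
  return Number(raw);
}

// Allocate a typed array of Ctor from an untrusted count string.
function allocTyped(Ctor, rawCount, maxBytes = MAX_BYTES) {
  const count = parseElementCount(rawCount);
  const width = Ctor.BYTES_PER_ELEMENT;
  // Compare by division, so the bound check never multiplies the untrusted value.
  if (count > Math.floor(maxBytes / width)) {
    throw new RangeError(
      `refusing ${count} x ${width}-byte elements (limit ${maxBytes} bytes)`);
  }
  const arr = new Ctor(count);
  // Post-condition: the runtime allocated exactly what was requested.
  if (arr.length !== count || arr.byteLength !== count * width) {
    throw new Error('allocation size mismatch');
  }
  return arr;
}
```

Here `byteSizeU32(0x40000000, 4)` is `0` while the true size is 4 GiB, which is the kind of mismatch the division-based bound in `allocTyped` rules out.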

JavaScript or SQL injection attacks in the Node.js platform?

Alex Popescu writes that some people have started to ask how safe Node.js-based servers are against injection attacks. Traditionally, injection attacks targeted SQL commands constructed from web queries, along with various forms of cross-site JavaScript injection. The cure for these attacks is to use a robust content filtering system and to follow sound software engineering practices. But many Node.js tutorials, and even some live systems, apparently have injection vulnerabilities.

The Hole in the Wall Daemon