I'm looking to create a node.js-based middleware service. One of the key factors in this service is that it can potentially be in a private deployment, to which there will be no direct access from our servers to it, only it back to us. I would like to facilitate a means of sending updates to this private deployment that would be able to execute instructions or update the service code itself in a secure way. I've been working a bit with various network modules and liveswap (https://www.npmjs.org/package/liveswap). Before I go re-inventing the wheel, I was wondering if there was a module out there already that addresses this issue. In particular, something that does the following:
- Creates a secure channel (or polling) between a private server and a public one, in such a way that the private server could only receive updates. The private server should have no direct means of accessing the public server. - Allows the private server to poll the public server for updates, or listen for updates if event-driven - Updates should be "signable", or have some sort of private-server-specific authentication that prevents a man-in-the-middle from sending malicious updates. - Allows the sending of finite, limited instructions down to the private server. I don't want arbitrary code execution, for security reasons. - One of these "instructions" should be updating the private server code itself, which is why I was looking at liveswap. There's a number of other concerns, but these are the primary ones. Not rocket science, and I could build it, but I'd rather leverage something existing if possible. Any suggestions or tips would be much appreciated. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
