Port numbers below 1024 are privileged ports and require elevated permissions to be able to run services on them. Contrary to your system administrator's concerns, the worry isn't about running services on non-privileged port above 1024 as a normal user, but running things as an admin/superuser on the privileged ports like 80 and 443. Firewalls blocking non-standard ports can be problematic in some enterprise settings, but 8080 is a well-known http alternate port and 3000 is also in widespread use; they're typically *not* blocked. I would have some concerns with that particular administrator, based on the questions being asked.
One small recommendation if you do run nginx is to set up forwarding from :8080/something to node on :3000 so the client can retrieve both the static resources served by nginx, and the real-time data served by node, from the same host:port combination. This is because the same origin policy applies to protocol, host AND port number. hope this helps, Darren On Thursday, June 26, 2014 12:27:18 PM UTC-4, Joe Bloggs wrote: > > Hi all! > > So, I would really like to use Angular + Node for some of the data trends, > pie charts, and bar graphs for real-time processing. However, I have to use > a non-standard port (not 80 or 443) to make node work, obviously. The other > thing is, we are running apache on port 80, so I will be using something > like nginx on port 8080, and node on port 3000. The issue of security is > raised. Here is the exact question a surly Administrator has asked me: > > So in order to use these services, the client would have to make a > connection to these ports? If so, that doesn’t sound like a good idea to > me. A lot of CUs firewall and/or filter non-standard outbound ports, so in > addition to security considerations for incoming traffic, there’s the > consideration that many of your clients may not be able to use whatever it > is you’re trying to turn on. Is this some special service they’re trying to > consume and would be willing to adjust their firewalls to access? > > How might one answer this question? Is this an inherently dangerous, > un-secure environment? > > > Thanks, > > Joe > > > -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/30b621df-5747-42a9-882f-a945640c513e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
